Password cracking is usually done over the network by trying many passwords to log into an account.

The main idea here is the difference between online and offline password attacks. In practice, cracking passwords most often happens offline, after an attacker has obtained password hashes or a password database from a compromised system. Once those hashes are in hand, tools can test vast numbers of guesses very quickly without interacting with the live login over the network, and without triggering online defenses like rate limits or account lockouts. Online guessing against a real service is possible but typically much slower and more easily thwarted by protections, which is why it’s not considered the usual method. So the statement isn’t accurate: password cracking is not usually done over the network by repeatedly trying passwords to log into an account; offline cracking of stolen hashes is the more common approach.