Which behavior could be indicative of password cracking?

Frequent account lockouts can be a significant indicator of password cracking attempts. When an unauthorized person is attempting to gain access to an account through brute-force methods, they will repeatedly enter various passwords. If the correct password is not provided within a certain number of attempts, the system may lock the account as a security measure. This self-protective behavior by the system is a clear sign that there may be an ongoing effort to crack a password.

While the other behaviors listed can also be associated with security incidents, they do not specifically point to password cracking. For instance, an increase in user access requests might stem from legitimate changes in workload or project requirements, rather than malicious activity. Phishing attempts are focused on tricking users into revealing their credentials through deception, rather than systematically cracking passwords. Lastly, credential changes themselves do not indicate cracking; they might simply reflect normal user behavior or a legitimate security measure in response to previous events. Overall, frequent account lockouts are a direct consequence of attempted unauthorized access, making them a clear indicator of password cracking attempts.