It doesn’t. Cracking programs don’t use the user login form repeatedly. They use the same algorithm that creates the publicly encoded password to generate encoded passwords and keep going until they have a match. Besides getting the encoded password and salt, everything is done offline.

This just creates a really bad user experience.