Usually, passwords are not tried one by one against a system's secure server online. Instead, a hacker might manage to gain access to a shadowed password file protected by a one-way encryption algorithm, then test each entry in a file like this to see whether its encrypted form matches what the server has on record. A hacker can use or generate files like this, which may readily be compiled from breaches of sites such as Ashley Madison.
If your password is on this list of 10,000 most common passwords, you need a new password.
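The same list can be used defensively, by refusing a listed password at the moment it is set. The following is an added example, not part of the original page: `SAMPLE_COMMON` is a constructed stand-in for the 10,000-entry list, and the function names and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Constructed stand-in for the 10,000-entry list; load the real file in practice.
SAMPLE_COMMON = ["123456", "password", "qwerty", "letmein", "dragon"]
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune to your hardware


def normalize(pw: str) -> str:
    """Fold Unicode form and case so 'Password' matches 'password'."""
    return unicodedata.normalize("NFKC", pw).casefold()


def load_blocklist(entries) -> set:
    """Build a normalized lookup set, skipping blank lines."""
    return {normalize(e.strip()) for e in entries if e.strip()}


def is_common(pw: str, blocklist: set) -> bool:
    return normalize(pw) in blocklist


def set_password(pw: str, blocklist: set):
    """Reject listed passwords; otherwise return (salt, digest) to store."""
    if is_common(pw, blocklist):
        raise ValueError("password is on the common-password list")
    salt = os.urandom(16)  # per-user salt: equal passwords get different records
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(pw: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    blocklist = load_blocklist(SAMPLE_COMMON)
    for pw in ("Password", "correct horse battery staple"):
        try:
            set_password(pw, blocklist)
            print(f"{pw!r}: accepted")
        except ValueError as err:
            print(f"{pw!r}: rejected ({err})")
```

The per-user salt and the slow hash mean that a stolen password file cannot be tested against the whole list in one pass: each guess has to be recomputed for each account.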