Many countries have strict computer fraud laws that criminalize unauthorized access attempts. Even a single attempted login without permission could lead to:
Here's a complete example workflow for an authorized test: passlist txt hydra
Here are some common Hydra commands: