REGISTER or login:
A four-digit password could be broken in closer to five seconds than to five minutes. But it normally shouldn't be a problem. (I assume that you're actually asking about a PIN rather than a "password".)
In general, the protection would be by making any PIN storage location inaccessible to hackers and also by limiting the number of allowed attempts to, say, three failures. Protections are combined with proper monitoring of actions such as failed attempts. If only three tries are possible before the account is locked and requires a new PIN assignment, it's not very relevant how fast new combinations can be tried.