| | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Larry Pieniazek
|
| | (...) Draconian and rather big-parentish. Why can't I take the risk of a sucky password if I so choose? Not that I personally would, mind you. Now, unlike government jackbootedness, we do as consumers have a choice not to use Lugnet... but what (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | |
| | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Todd Lehman
|
| | | | (...) You put more at risk than your own data or matters when you choose a sucky password. (Think about it.) (...) Increased probability of successful brute-force compromises. (...) Have I somehow given you the impression that that the only purpose (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | |
| | | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Dan Boger
|
| | | | | (...) true, but can't you limit the number of attempts to, say, 5 in 30 minutes... that will make brute force attacks impractical... :) Dan (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | | |
| | | | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Todd Lehman
|
| | | | | | (...) How without opening an equally dangerous door? --Todd (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | | | |
| | | | | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Dan Boger
|
| | | | | | (...) Well, for a brute force attack to be successful, they have to try 100,000s of passwords... if you limit them to 5 tried every 30 minutes, it's pretty certain that they won't stumble upon the correct password before the password owner dies... (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | | | |
| | | | | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Larry Pieniazek
|
| | | | | | (...) Denial of service. I could write a bot that wakes up every 4 minutes and tries 6 random passwords for your account (and theoretically every one else's too) thus denying you (or theoretically anyone) the ability to get on as a member, because (...) (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | | | |
| | | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) Larry Pieniazek
|
| | | | (...) Who said that? Not me... ++Lar (25 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | |