 | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Dan Boger
|
| | | (...) true, but can't you limit the number of attempts to, say, 5 in 30 minutes... that will make brute force attacks impractical... :) Dan (24 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | |
| | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Todd Lehman
|
| | | | (...) How without opening an equally dangerous door? --Todd (24 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | |
| | | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Dan Boger
|
| | | | (...) Well, for a brute force attack to be successful, they have to try 100,000s of passwords... if you limit them to 5 tried every 30 minutes, it's pretty certain that they won't stumble upon the correct password before the password owner dies... (...) (24 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | |
| | | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Larry Pieniazek
|
| | | | (...) Denial of service. I could write a bot that wakes up every 4 minutes and tries 6 random passwords for your account (and theoretically every one else's too) thus denying you (or theoretically anyone) the ability to get on as a member, because (...) (24 years ago, 23-Apr-00, to lugnet.admin.general)
|
| | | | |
