Y
Hacker News
new
|
ask
|
show
|
jobs
by
woliveirajr
3523 days ago
But then you (you= any person) have to consider that it'll block after some tries.
It's different from a system that never blocks passwords, security questions, and so on.
2 comments
Drdrdrq
3523 days ago
Great, then it's a DOS attack. Unless it is limited per IP, and then it's not effective again if attacker has a botnet.
link
robryk
3523 days ago
Attacker's first attempt has a nonnegligible chance of success. Attacker can just do one attempt against one account and move to attacking a different account after each failure.
link