Hacker News new | ask | show | jobs
by thtthings 2523 days ago
Why do they not lock the account after n number of tries say 5?

The user will need to use a different way to authenticate if they can't enter the correct code in 5 tries
2 comments
rileymat2 2523 days ago
It gets tricky to implement lockouts, so the next article very well could be "How I DOSed all of Instagram"

[Obvisouly, there are ways just easy to screw up]

link
AgentME 2523 days ago
There was a limit, but a race condition allowed the limit to be bypassed.
link