Hacker News
by
the_gipsy
1710 days ago
Even if it’s encrypted, they could send both forms.
Edit: not a good idea.
squeaky-clean
1710 days ago
I'm no security expert, but this would let someone try two unrelated passwords at once and so probably wouldn't be done client-side.
iso1210
1710 days ago
In practice, is there really any difference between allowing a client to try 10 passwords before 'lock out' (say no more attempts for 10 minutes), or try 5 passwords beforehand?
the_gipsy
1710 days ago
Ouch, you are right.