|
|
|
|
|
|
by danielparks
1648 days ago
|
|
|
Given the number of services that turned out to use plaintext or trivial password hashing (e.g. MD5), I would bet there are a bunch of services out there that do not effectively limit OTP attempts. It’s been a long time since I did any work on a real authentication system — since before TOTP was common, anyway. I appreciated the post and found it interesting. |
|
|