Y
Hacker News
new
|
ask
|
show
|
jobs
by
rrrrrrrrrrrryan
1642 days ago
If there's a leak of valid usernames or email addresses, for a system that has a few million users, that has a lockout after 10 wrong guesses, then you could gain access to
one
account for every 10,000 lockouts.
1 comments
seba_dos1
1642 days ago
> leak of valid usernames or email addresses
...and passwords, because OTP is the second factor.
link
...and passwords, because OTP is the second factor.