by jules 5002 days ago
You are very likely already exposing that via a timing attack. If you disallow many login attempts in quick succession then it is also a non-issue. If you have that in place and somebody is able to guess the password of a random account (it's an account found by randomly trying usernames after all), then it must be an extremely bad password. The benefits far outweigh the minuscule security risk.
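
The two points in the comment above, as an added example that is not part of the original thread: a login check that skips the password hash for unknown usernames (so they answer faster), a version that does the same work either way, and a per-source attempt throttle. All names and the sample account are constructed for illustration, and the count of expensive hash runs stands in for response time so the difference is deterministic.

```python
import hashlib, hmac, os

ITERATIONS = 50_000
hash_calls = 0  # counts expensive hash runs; stands in for response time

def slow_hash(password: str, salt: bytes) -> bytes:
    global hash_calls
    hash_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, slow_hash(password, salt)

USERS = {"alice": make_record("correct horse battery staple")}  # constructed sample
DUMMY = make_record("placeholder for unknown usernames")

def leaky_login(user: str, password: str) -> bool:
    """Returns early for unknown users, so they answer faster than known ones."""
    record = USERS.get(user)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(slow_hash(password, salt), stored)

def uniform_login(user: str, password: str) -> bool:
    """Does the same hashing work whether or not the username exists."""
    record = USERS.get(user)
    salt, stored = record if record is not None else DUMMY
    ok = hmac.compare_digest(slow_hash(password, salt), stored)
    return ok and record is not None

class Throttle:
    """Blocks a source after `limit` failed attempts inside `window` seconds."""
    def __init__(self, limit: int = 5, window: float = 60.0):
        self.limit, self.window, self.failures = limit, window, {}

    def allowed(self, source: str, now: float) -> bool:
        recent = [t for t in self.failures.get(source, []) if now - t < self.window]
        self.failures[source] = recent
        return len(recent) < self.limit

    def record_failure(self, source: str, now: float) -> None:
        self.failures.setdefault(source, []).append(now)

def hash_cost(login, user: str, password: str) -> int:
    """Number of expensive hashes one login call performs."""
    before = hash_calls
    login(user, password)
    return hash_calls - before
```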