|
|
|
|
|
|
by pseudalopex
19 days ago
|
|
|
Authentication systems had lock out periods or increasing delays since decades. 1 attempt per 5 seconds and 12 attempts per minute would be equivalent for brute force. And 12 attempts per minute would be a very loose lock out policy. |
|
|
There's such thing as bad defaults and starting too heavy-handed is starting with bad defaults.
In short, current default is a good compromise and a good default.