by KMag 4887 days ago
You are incorrect. The policy is that users get locked out after 3 attempts... until attackers get smart enough to brute force through the usernames, 3 wrong passwords each.

80% of the customers getting locked out of their bank accounts at 5 PM on a Friday only happens once before the bank changes policies to something that allows the attackers to perform a rate-limited attack on the 5-character passwords. The new lockout policy goes into effect before the bank can force everyone to upgrade their passwords.

GAME OVER
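
The trade-off in the comment above, as an added example that is not part of the original comment: over a constructed login log, a per-account 3-strikes policy locks every account that one source sweeps, while counting the distinct usernames failed per source flags the sweep itself. The event format, thresholds, IP addresses and usernames are assumptions made for illustration.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 3  # the "3 attempts" policy from the comment


def locked_accounts(events, threshold=LOCKOUT_THRESHOLD):
    """Usernames locked by a per-account policy: N consecutive failures."""
    streak, locked = defaultdict(int), set()
    for _ts, _src, user, ok in events:
        if user in locked:
            continue
        streak[user] = 0 if ok else streak[user] + 1
        if streak[user] >= threshold:
            locked.add(user)
    return locked


def sweeping_sources(events, min_users=5, window=300):
    """Sources whose failures hit >= min_users distinct accounts in `window` s."""
    recent, flagged = defaultdict(list), set()  # src -> [(ts, user)]
    for ts, src, user, ok in events:  # events are assumed sorted by time
        if ok:
            continue
        hits = [(t, u) for t, u in recent[src] if ts - t <= window]
        hits.append((ts, user))
        recent[src] = hits
        if len({u for _t, u in hits}) >= min_users:
            flagged.add(src)
    return flagged


def build_sample_events():
    """Constructed log: one source sweeps 8 accounts, one user mistypes twice."""
    events, ts = [], 0
    for n in range(8):
        for _ in range(LOCKOUT_THRESHOLD):
            events.append((ts, "198.51.100.7", f"user{n:02d}", False))
            ts += 1
    events += [(ts + 1, "203.0.113.20", "user09", False),
               (ts + 2, "203.0.113.20", "user09", False),
               (ts + 3, "203.0.113.20", "user09", True)]
    return events


if __name__ == "__main__":
    sample = build_sample_events()
    print("locked by per-account policy:", sorted(locked_accounts(sample)))
    print("sources flagged for sweeping:", sorted(sweeping_sources(sample)))
```

Keying the response on the source leaves the eight legitimate account holders able to log in, which the per-account counter does not.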