Hacker News new | ask | show | jobs
by krallja 4326 days ago
You can then use this lockout for a denial of service attack.
1 comments
brey 4326 days ago
oh no ... I am unable to change my (perfectly secure) password for ten minutes because an attacker is attempting to brute force my password reset. I'd regard that as a feature, not a bug.

you don't need to lock out the entire account.

link