Reply to post: Re: It only makes it easier to crack...

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

picturethis
Facepalm

Re: It only makes it easier to crack...

^^this^^

Putting a delay in after submitting each requst essentially moves the problem into a different space. Even is one can create a number of passwords at a prodigious rate, if the reponse to accept the submitted password is delayed, then the entire cycle is extended - by a lot.

It doesn't matter how fast you can create the passwords, it is how fast each one can be tested. This squarely puts the onis on the websites/devices to implement this.

I have a 10 year old Dell laptop and if one mistypes the BIOS boot password, it delays additional time (like 5 seconds more) for the next try and then on the 3rd time even more time. Try automating the cracking of that. This method has been used for at least 10 years, where the fuck are the website designers/operators?

It wouldn't even impact 99.99% of users, as they will enter their password correctly the first time, only retries (during a hack attempt). HELLO (Website Designers)...

This is one of "those" cases where faster (website response) isn't always better.

Of course this only applies to brute-force/dictionary attacks, cookies, sql injection etc, maybe not so much.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019