Reply to post: Re: It only makes it easier to crack...

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

Kiwi Silver badge

Re: It only makes it easier to crack...

It does require the site to store failed login attempts though or at least flag accounts. Could not that be used in a site attack?

Only to get people's accounts locked out. My bank gives you a limit of 3 failed logins after which IIRC you have to visit a branch to reset the account. You may be able to do it via phone banking, but I believe it requires a branch visit. No, not going to test it!

Aside from getting people locked out, I can't see any attack vector from storing failed attempts?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019