Thread: preventing brute force
View Single Post
Old 01-31-2013, 08:57 AM   PM User | #6
felgall
Master Coder

 
felgall's Avatar
 
Join Date: Sep 2005
Location: Sydney, Australia
Posts: 5,453
Thanks: 0
Thanked 498 Times in 490 Posts
felgall is a jewel in the roughfelgall is a jewel in the roughfelgall is a jewel in the rough
Quote:
Originally Posted by devinmaking View Post
So having a 15 minutes is a little to much then.
Would you want to wait that long to try again if your finger slipped and you mistyped your password?

You might lock an account for that long after several wrong passwords have been entered but not on each attempt.

The suggestion of a lock for a few seconds is after each and every wrong attempt or attempt while locked. So typing a wrong password would lock the account for a few seconds - which most people would use up simply in realising that they typed it wrong and to retype it - so that a person shouldn't even notice the lock. Only a bot that is submitting 1000 passwords a second would be affected.
__________________
Stephen
Learn Modern JavaScript - http://javascriptexample.net/
Helping others to solve their computer problem at http://www.felgall.com/
felgall is offline   Reply With Quote