Most phones have a very good anti-randomly-guessing-passwords system.
You have 5 attempts, after you fail 5 times you wait 60 seconds, then if you fail again it's 5 minutes, then again it's 10 min - or whatever the intervals are. The point is is that the more times you fail the longer you have to wait, this shuts out brute force attacks, but allows the user the chance to retry in just a few moments and at the same time give the user the sense that "hey, this website really cares about my account"
Be vigilant. The forget password section usually contains hole(s) for attackers to use. I remember back like ~5 years ago, Joomla had a vulnerability where you could type in literally just ' in the password recovery key field and it would instantly give you access to resetting the super-users password. Lawlz. <offtopic> Every site i went to that was Joomla driven, I had super-user access, it was kinda fun - My school had this vulnerability as well. wrote a script where you could press F12 on any page and it would black out the page and load a message saying "LOL HACKED" then load a game of snack, that made classes a bit more fun </offtopic>
Originally Posted by devinmaking
Do you guys know any hackers who when ive finished can test my site for issues so that i can make sure that others cant take advantage of them?
I would love to be fully allowed to deface your website