02-02-2013, 09:26 AM   #9
devinmaking
Regular Coder
Join Date: Oct 2011
Posts: 236
Thanks: 11
Thanked 5 Times in 5 Posts
Quote:
Originally Posted by TFlan View Post
Most phones have a very good anti-randomly-guessing-passwords system.

You have 5 attempts; after you fail 5 times you wait 60 seconds, then if you fail again it's 5 minutes, then again it's 10 min - or whatever the intervals are. The point is that the more times you fail, the longer you have to wait. This shuts out brute force attacks but allows the user the chance to retry in just a few moments, and at the same time gives the user the sense that "hey, this website really cares about my account".

Be vigilant. The forgot-password section usually contains hole(s) for attackers to use. I remember back ~5 years ago, Joomla had a vulnerability where you could type in literally just ' in the password recovery key field and it would instantly give you access to resetting the super-user's password. Lawlz. <offtopic> Every site I went to that was Joomla driven, I had super-user access; it was kinda fun. My school had this vulnerability as well. I wrote a script where you could press F12 on any page and it would black out the page, load a message saying "LOL HACKED", then load a game of Snake. That made classes a bit more fun. </offtopic>



I would love to be fully allowed to deface your website
Don't want it defacing lol, just advising where the holes are.
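The two points in the quoted post, escalating lockout after repeated failures and a recovery-key field that must not accept junk like a lone ', as one worked example in Python. This is added illustration code, not code from either poster or from Joomla. The free-attempt count (5) and the 60 s / 5 min / 10 min ladder follow TFlan's description; the 15-minute key lifetime, the user names, the passwords and the injectable clock are assumptions made for the demo.

```python
"""Escalating lockout plus reset-key validation for a login / password-recovery flow.

Constructed example. Delays follow the quoted post (5 free tries, then 60 s, 5 min,
10 min); the key lifetime, users and passwords are assumptions for the demo.
"""
import hashlib
import hmac
import re
import secrets
import time

FREE_ATTEMPTS = 5                 # failures allowed before the first lockout
DELAYS = (60, 300, 600)           # 5th failure -> 60 s, 6th -> 5 min, 7th and later -> 10 min
RESET_TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{43}")   # shape of secrets.token_urlsafe(32)
RESET_TTL = 900                   # reset keys expire after 15 minutes (assumption)


def lockout_delay(failures: int) -> int:
    """Seconds to lock after the Nth consecutive failure (0 = not locked yet)."""
    if failures < FREE_ATTEMPTS:
        return 0
    return DELAYS[min(failures - FREE_ATTEMPTS, len(DELAYS) - 1)]


class Throttle:
    """Per-key (username or client IP) escalating lockout. Clock is injectable for tests."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}      # key -> consecutive failure count
        self.locked_until = {}  # key -> clock value when the lock expires

    def retry_after(self, key) -> float:
        return max(0.0, self.locked_until.get(key, 0.0) - self.clock())

    def fail(self, key) -> int:
        """Record a failure; return the lock length applied (0 if none)."""
        n = self.failures.get(key, 0) + 1
        self.failures[key] = n
        delay = lockout_delay(n)
        if delay:
            self.locked_until[key] = self.clock() + delay
        return delay

    def succeed(self, key) -> None:
        self.failures.pop(key, None)
        self.locked_until.pop(key, None)


class AccountService:
    """Login and password recovery sharing one lockout counter per user."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.throttle = Throttle(clock)
        self.users = {}        # username -> (salt, pbkdf2 hash)
        self.reset_keys = {}   # username -> (token, expires_at)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, self._hash(password, salt))

    def _fail(self, user: str) -> str:
        delay = self.throttle.fail(user)
        return f"locked:{delay}" if delay else "bad"

    def login(self, user: str, password: str) -> str:
        """Returns 'ok', 'bad', or 'locked:<seconds>'. Unknown users are throttled too."""
        wait = self.throttle.retry_after(user)
        if wait > 0:
            return f"locked:{int(wait)}"
        rec = self.users.get(user)
        if rec and hmac.compare_digest(self._hash(password, rec[0]), rec[1]):
            self.throttle.succeed(user)
            return "ok"
        return self._fail(user)

    def issue_reset_key(self, user: str) -> str:
        token = secrets.token_urlsafe(32)   # 256 bits of randomness, 43 URL-safe chars
        self.reset_keys[user] = (token, self.clock() + RESET_TTL)
        return token

    def redeem_reset_key(self, user: str, supplied, new_password: str) -> str:
        """Reject empty or odd-looking keys before touching storage, compare the
        real key in constant time, and count guesses on the login lockout counter."""
        wait = self.throttle.retry_after(user)
        if wait > 0:
            return f"locked:{int(wait)}"
        if not isinstance(supplied, str) or not RESET_TOKEN_RE.fullmatch(supplied):
            return self._fail(user)      # '' or ' never reach a database query
        issued = self.reset_keys.get(user)
        if not issued or self.clock() > issued[1] or not hmac.compare_digest(issued[0], supplied):
            return self._fail(user)
        del self.reset_keys[user]        # single use
        self.register(user, new_password)
        self.throttle.succeed(user)
        return "ok"
```

Two design points worth noting: the recovery path shares the login counter, so an attacker cannot use the "forgot password" form as an unthrottled side door, and the key is validated for shape before any lookup, so a malformed value is rejected by the application rather than handed to a query where it might match more than intended.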