Re: Don't Just Blame Users
They are, after all, the ones that would have to deal with the mess of, say, a forum that got spammed to destruction if all user accounts had easily guessable passwords.
It's called "rate limiting", not "rocket science" :) . As I posted a few minutes ago, rate limit with a lockout for failure. Using the article's list as a script, spammers shouldn't be able to get as far as "password" before a x-hour lockout or contact-admin-for-reset.
And some moderation/oversight should be done as well. Get spam posts? Get rid of spammy posters! Simples! (and harden your account sign up process if that becomes an issue)
Biting the hand that feeds IT
