Reply to post: Re: It only makes it easier to crack...

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

Tom 38 Silver badge

Re: It only makes it easier to crack...

I don't think it necessarily implies the storing of failed logins.

One possible compromise would be that if the login is not successful, just delay the rejection response for a period of time, for example, 10 seconds.

So now you are open to DoS via resource depletion. What's your next plan?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020