this post was submitted on 13 Mar 2024
1017 points (96.9% liked)

Memes

45755 readers
1013 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 

Brute force protection

@memes

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 8 months ago (7 children)

Not to be pedantic but wouldn't it be IsFirstLoginWithAttemptedPassword or am I missing something?

[–] chraebsli 7 points 8 months ago (3 children)

no, since it first checks if the password is correct. if it is, display error message. if it is corrent and the second time, accept the password (code not in screenshot) but if the password is wrong, it doesnt check if it is the first attempt.

[–] [email protected] 1 points 8 months ago (2 children)

How does that stop a brute force attack? As written, it only stops the single luckiest brute force attack that happens to get the password right on their first try.

[–] pythonoob 1 points 8 months ago

It wouldn't stop most brute force attacks, which are not performed on the live web service, but rather on a password hasb list that was stolen via some other means.

load more comments (1 replies)
load more comments (1 replies)
load more comments (4 replies)