Brute force protection

@memes

  • TORFdot0@lemmy.world
    link
    fedilink
    English
    arrow-up
    33
    arrow-down
    4
    ·
    10 months ago

    If they had the password right the first try, that isn’t a brute force attack, thats a credential leak.

    • winterayars@sh.itjust.works
      link
      fedilink
      arrow-up
      16
      ·
      9 months ago

      It should be that it rejects the password the first time it’s entered correctly but accepts it on every subsequent try. That actually would provide some protection against like dictionary attacks and raw brute force attacks.

    • iAvicenna@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      9 months ago

      could also work in a brute force scenario, but first attempt would be not first attempt in a set amount of time but first attempt for each password by the user in a fixed amount of time