Brute force protection
The one guy got grey hairs in-between slides lol
this post was submitted on 13 Mar 2024
1018 points (96.9% liked)
Memes
45619 readers
482 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
If they had the password right the first try, that isn't a brute force attack, thats a credential leak.
I think the author attempted first time login to be with the right password.
load more comments
(3 replies)
This is negging for auth.
Well, I sometimes input the same password 15-times in a row, and it works only on the last try. ¯\_(ツ)_/¯
load more comments
(1 replies)
Won't protect against an offline attack (just will confuse the hell out of the hacker) but might confound an online attack? Until someone gets wise and runs the tool a second time. Loving the chaotic neutral vibes here.
It doesn't really even protect against online attacks though. Like, if you're going through a list of known accounts, by definition it won't be any of those accounts' first time logging in, right?
And if you're not going through a list of known accounts, good luck getting anywhere with your attack any time this millennia
This would be per session, not lifetime.
This makes it even more cursed
Function naming could use some work then, it's not obvious that isFirstLoginAttempt would be session-aware.
Sorry, I'll stop being pedantic now
This is a really interesting idea, but a password manager would throw a wrench in it.
I'd assume my password was invalidated or stored incorrectly, so I'd reset, then I'd try to log in, wtf... this website blows.
That's actually pretty smart
@kandoh
Yes haha. This way we can get back to the times where 4 characters passwords were sufficient 😃