[Coco] Tandy / Color Computer Forum Access
timebandit001 at gmail.com
Fri Mar 25 17:51:17 EDT 2011
>> You have to make it expensive enough to crack your password that they get
>> bored and go looking for easier targets.
> My employer mandates a "three strikes and it's locked" policy on
> authentication attempts. Now that I think about it, most web accounts I own
> do that as well. Renders brute-force cracking tools a bit impractical.
On my website, I just delay the "failed" answer $attempt*2 seconds.
1st try you know it failed 2 seconds later.
On the 5th attempt, you have to wait 32 seconds before you know it failed.
On the 6th, you wait 64 seconds.
This is usually enough to make them go away :)
More information about the Coco