• @[email protected]
    link
    fedilink
    121 year ago

    Just because this method is a subset of the brute force attack doesn’t mean that they don’t have request limiting. They are reusing known breached passwords from other platforms, which makes it basically a guarantee that they will get the right password if they don’t use a password manager. Their computer systems are secure, it’s just their business model that’s a privacy nightmare.

    • @doppelgangmember
      link
      11 year ago

      I mean true, there’s nothing you can do with a successful attempt.

      But i feel like this still could have been limited. Required 2FA obvi comes to mind… You can limit rate in a lot of ways.