Brute force protection

@memes

  • @finkrat
    link
    13
    edit-2
    8 months ago

    Won’t protect against an offline attack (just will confuse the hell out of the hacker) but might confound an online attack? Until someone gets wise and runs the tool a second time. Loving the chaotic neutral vibes here.

    • @[email protected]
      link
      fedilink
      48 months ago

      It doesn’t really even protect against online attacks though. Like, if you’re going through a list of known accounts, by definition it won’t be any of those accounts’ first time logging in, right?

      And if you’re not going through a list of known accounts, good luck getting anywhere with your attack any time this millennia

      • Tarquinn2049
        link
        158 months ago

        This would be per session, not lifetime.

        • @kautau
          link
          28 months ago

          This makes it even more cursed

        • @[email protected]
          link
          fedilink
          08 months ago

          Function naming could use some work then, it’s not obvious that isFirstLoginAttempt would be session-aware.

          Sorry, I’ll stop being pedantic now