13 Jan
2006
8 a.m.
Håkan Johansson wrote:
On Jan 13, 2006, at 00:32, Dennis Allison wrote:
A more usual solution to this issue is to insert a delay after the third and subsequent failures. You, of course, need a policy for removing the delay (successful login or N minutes following the last attempt).
Yes, I have been thinking the same thing. It would be much less work for the admin of the system. Thanks for the tip though :)
Of course, if you enforced longer passwords you can achieve a similar result. You don't slow time down between authentication events (like Dennis suggests), but you add to the amount of time needed to guess a password. So (slow Auth responses + tries) can approximate (fast Auth responses + a lot more tries).

David
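The delay policy Dennis Allison describes earlier in the thread (no delay for the first two failures, a delay from the third failure on, cleared by a successful login or N minutes after the last attempt) can be sketched as follows. This is an added example, not code from any poster in the thread; the class name `LoginThrottle`, the doubling delay, the 60-second cap, the 10-minute reset and the per-username keying are all assumptions.

```python
import time


class LoginThrottle:
    """Delay after the third and subsequent failures; clear on success or idle timeout."""

    def __init__(self, free_failures=2, base_delay=1.0, max_delay=60.0,
                 reset_after=600.0, clock=time.monotonic):
        self.free_failures = free_failures  # failures answered with no delay
        self.base_delay = base_delay        # seconds of delay after the third failure
        self.max_delay = max_delay          # cap (assumed) so a real user is never locked out for long
        self.reset_after = reset_after      # the "N minutes" policy, in seconds (assumed: 10 minutes)
        self.clock = clock                  # injectable so the policy can be tested without sleeping
        self._state = {}                    # username -> (failure_count, time_of_last_attempt)

    def _failures(self, user):
        count, last = self._state.get(user, (0, 0.0))
        if count and self.clock() - last >= self.reset_after:
            self._state.pop(user, None)     # idle long enough: forget the old failures
            return 0
        return count

    def delay_for(self, user):
        """Seconds to wait before answering this user's next login attempt."""
        extra = self._failures(user) - self.free_failures
        if extra <= 0:
            return 0.0
        # Doubling per extra failure is an assumption; the thread only says "a delay".
        return min(self.base_delay * 2 ** (extra - 1), self.max_delay)

    def record(self, user, success):
        """Call once per attempt, after the credentials have been checked."""
        if success:
            self._state.pop(user, None)     # a successful login removes the delay
        else:
            self._state[user] = (self._failures(user) + 1, self.clock())
```

The login handler would sleep for `delay_for(user)` before checking credentials and then call `record(user, success)`; the in-memory dictionary would need to be shared storage if more than one server process handles logins.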