Quote:
Originally Posted by venusgal
You obviously have no idea how login systems work and having the most secure system still won't stop someone from guessing your stupidly easy password, as if it was hunter2.
After X tries it should at the very least lock out the IP. Even better might be to lock out the whole account after X+X incorrect attempts and send a new password to the email on file and disable all logins until the new password is used. Not doing this makes it easier to brute force.
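
The lockout policy described in the post above, as an added example that is not part of the original thread: an IP is blocked after X failures, and the account is locked after X+X failures until an emailed credential is used. The class and method names, the in-memory storage, and the `outbox` list standing in for the mail system are assumptions; the post's "new password" is modeled as a random one-time credential.

```python
import secrets
from collections import defaultdict


class LoginThrottle:
    """Failed-login tracking per IP and per account (hypothetical, in-memory)."""

    def __init__(self, x):
        self.x = x                               # the post's "X" tries
        self.ip_failures = defaultdict(int)
        self.account_failures = defaultdict(int)
        self.blocked_ips = set()
        self.pending_reset = {}                  # account -> one-time credential
        self.outbox = []                         # stands in for "email on file"

    def attempt(self, account, ip, password_ok, credential=None):
        # A locked account accepts nothing except the emailed credential,
        # even if the caller knows the old password.
        if account in self.pending_reset:
            expected = self.pending_reset[account]
            if credential is not None and secrets.compare_digest(credential, expected):
                del self.pending_reset[account]
                self.account_failures[account] = 0
                return "reset_accepted"
            return "account_locked"
        if ip in self.blocked_ips:
            return "ip_locked"                   # rejected before the password is checked
        if password_ok:
            self.ip_failures[ip] = 0
            self.account_failures[account] = 0
            return "ok"

        self.ip_failures[ip] += 1
        self.account_failures[account] += 1
        # Account-wide limit (X+X) counts failures from every address combined.
        if self.account_failures[account] >= 2 * self.x:
            token = secrets.token_urlsafe(16)
            self.pending_reset[account] = token
            self.outbox.append((account, token))
            return "account_locked"
        # Per-address limit (X).
        if self.ip_failures[ip] >= self.x:
            self.blocked_ips.add(ip)
            return "ip_locked"
        return "failed"
```

A production version would persist the counters, expire IP blocks after a cooldown, and store only a hash of the one-time credential.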