no, since it first checks if the password is correct. if it is, display error message. if it is corrent and the second time, accept the password (code not in screenshot)
but if the password is wrong, it doesnt check if it is the first attempt.
How does that stop a brute force attack? As written, it only stops the single luckiest brute force attack that happens to get the password right on their first try.
No, it’s correct - say your password gets leaked across thousands of passwords. A hacker will try to crack all of them with a program that guesses them once, which as the image suggests defeats these types of programs
Not to be pedantic but wouldn’t it be IsFirstLoginWithAttemptedPassword or am I missing something?
no, since it first checks if the password is correct. if it is, display error message. if it is corrent and the second time, accept the password (code not in screenshot) but if the password is wrong, it doesnt check if it is the first attempt.
How does that stop a brute force attack? As written, it only stops the single luckiest brute force attack that happens to get the password right on their first try.
You can’t really prevent a brute force attack. Even if you prevent it from one IP or so, you can still do “distributed” brute force attacks.
Also only allowing one password per 5 seconds or so per IP will not work if you have lots of users and they are at work and have the same IP.
No, it’s correct - say your password gets leaked across thousands of passwords. A hacker will try to crack all of them with a program that guesses them once, which as the image suggests defeats these types of programs
@cobra89
Yeah I agree.
You’re right, and nothing wrong with being pedantic when working with code :)