Let me ask: how many times does a normal login system allow an account's password to be tested, possibly by hackers? Can I expect the answer to be 10000 times at most?
Thank you in advance.
Usually the answer is either small or infinite. For example, on most Windows domain controllers, the maximum number of login attempts is less than 10, but for Windows machines that are not domain-controlled there is no maximum.
Again, for most websites the answer is either small or infinite – with the caveat that sometimes users will be “locked out” of their account for a short amount of time if too many wrong guesses happen close to each other.
If you are building a new system, the thing to think about is what the risk is to your customers. Generally speaking, rather than locking the account, it’s preferable to lock the user out for a short while (throttle) instead, but for high-value systems that are accessed infrequently (such as online banking or accessing your company’s document store), locking the user out and enforcing minimum password complexity is probably a better choice.
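The throttle-versus-lockout choice described in the answer above, as an added example that is not part of the original answer: a per-account limiter with a short lockout after a burst of failures and an optional hard lock, plus a simulation that counts how many wrong guesses one account absorbs in a given time. The class name, parameters and thresholds are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Per-account limiter: short lockout on a burst of failures, optional hard lock."""

    def __init__(self, max_failures=5, window=300, lockout=900,
                 hard_limit=None, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.hard_limit = hard_limit          # None = throttle only, never disable
        self.clock = clock
        self._recent = defaultdict(deque)     # account -> recent failure timestamps
        self._streak = defaultdict(int)       # failures since last successful login
        self._locked_until = {}
        self._disabled = set()                # needs an admin/reset flow to clear

    def allowed(self, account):
        if account in self._disabled:
            return False
        return self.clock() >= self._locked_until.get(account, 0.0)

    def record(self, account, success):
        now = self.clock()
        if success:
            self._recent.pop(account, None)
            self._streak.pop(account, None)
            return
        recent = self._recent[account]
        recent.append(now)
        while now - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:  # burst: lock out for a short while
            self._locked_until[account] = now + self.lockout
            recent.clear()
        self._streak[account] += 1
        if self.hard_limit is not None and self._streak[account] >= self.hard_limit:
            self._disabled.add(account)


def guesses_allowed(duration, step=1, **policy):
    """Wrong guesses one account absorbs during `duration` seconds of nonstop attempts."""
    now = [0.0]                               # simulated clock, in seconds
    throttle = LoginThrottle(clock=lambda: now[0], **policy)
    count = 0
    while now[0] < duration:
        if throttle.allowed("alice"):         # "alice" is a constructed account name
            throttle.record("alice", success=False)
            count += 1
        now[0] += step
    return count
```

With the default policy, `guesses_allowed(86400)` returns 480 wrong guesses per day against one account at one attempt per second; adding `hard_limit=10` caps it at 10 until the account is reset.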