Weaknesses of 3-Strike Security

Posted by prelic on Programmers See other posts from Programmers or by prelic
Published on 2012-04-06T16:20:20Z Indexed on 2012/04/06 17:41 UTC
Read the original article Hit count: 410

Filed under:

I've been reading some literature on security, specifically password security/encryption, and there's been one thing that I've been wondering: is the 3-strike rule a perfect solution to password security? That is, if the number of password attempts is limited to some small number, after which all authentication requests will not be honored, will that not protect users from intrusion? I realize gaining access or control over something doesn't always mean going through the authentication system, but doesn't this feature make dictionary/brute-force attacks obsolete? Is there something I'm missing?

© Programmers or respective owner

Related posts about security