Weaknesses of 3-Strike Security
Posted
by
prelic
on Programmers
See other posts from Programmers
or by prelic
Published on 2012-04-06T16:20:20Z
Indexed on
2012/04/06
17:41 UTC
Read the original article
Hit count: 410
security
I've been reading some literature on security, specifically password security/encryption, and there's been one thing that I've been wondering: is the 3-strike rule a perfect solution to password security? That is, if the number of password attempts is limited to some small number, after which all authentication requests will not be honored, will that not protect users from intrusion? I realize gaining access or control over something doesn't always mean going through the authentication system, but doesn't this feature make dictionary/brute-force attacks obsolete? Is there something I'm missing?
© Programmers or respective owner