Brute force protection
this post was submitted on 13 Mar 2024
1021 points (96.9% liked)
Memes
49816 readers
1215 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 6 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
As a non programmer, is the joke that humans will retype their password assuming that they made a typo?
If so, sick indeed.
The guy coding made it so, on your first attempt, even if you answer correctly, it will tell you your login failed due to incorrect username or password, to joke about how it feels like you always get it wrong on the first try
The logic is bugging me, though. It should be
if isFirstAttempt || !isPasswordCorrectI understand the meme is trying to convey in spite of being correct to still return an error, but then it doesn't account for when the password is actually incorrect.
That defeats the brute-force attack protection…
The idea is that brute-force attackers will only check each password once, while real users will likely assume they mistyped and retype the same password.
The code isn’t complete, and has nothing to do with actually incorrect passwords.
Like the other person said, it's not meant to always fail the first time you enter any password.
It is meant to fail the first time you enter the correct password.
So it should be: if password == correct and first_success == true then { login failure; first_success = false }
Something like that.
Yeah, hackers have automated tools and they will, of course, only try each password once.
I would assume that I was being phished and the attacker wanted me to re-type the password to verify that it's correct.
@gibmiser
Yes exactly 😂