Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@gashadokuro Too many times that has happened.
One lady had that issue, it was her wallet on the shift key... -
BlueDev1488y@gashadokuro that could easily be abused by an attacker by locking all customer accounts
-
@BlueDev I agree but most education institutes have terrible budgets. Making these weird credential systems that a blind person could hack very common.
-
BlueDev1488y@aaxa Rainbiw tables are used when the attacker already has access to the database. The best guard against rainbow tables are salting the hashes (use bcrypt!) and password policies. You could add a little delay like 5s when the user repeatedly entered a wrong password. But don't implement it via Thread.sleep() as an attacker could easily exhaust your thread pool that way leadind to a dos.
Get a call saying password incorrect.
*Me testing login details*.... Works fine.
Tell user that it was a typo.
*They get angry*
*They start whispering to coworker "oh so it's a capital?!"
Next thing I hear, NVM I found the issue.
*Hangs up*
undefined