via posted:
Wrong thread, I'm sure. But this has been bothering me for at least 15 years. Why were dictionary/brute force attacks ever possible? What is the use in letting a client attempt 1,000,000 passwords? Why would it even let you try five?

Typically, people just didn't think about preventing it, or simply didn't bother. Preventing brute-forces requires at least a little extra effort above and beyond just implementing the authentication. It's not that there's any particular use in letting a client attempt 1,000,000 passwords, it's that it takes extra work to put something in to prevent them from doing so, and not everyone does that extra work.
Nov 24, 2015 15:22
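The "extra work" the post above refers to, sketched as an added example that is not part of the thread: a password check that also counts failures per account and backs off exponentially. The class name, parameters and the sample account are hypothetical, chosen only for illustration.

```python
import hashlib
import hmac
import os

class ThrottledAuth:
    """Password check plus per-account failure counting with exponential backoff."""

    def __init__(self, free_failures=5, base_delay=1.0, max_delay=900.0):
        self.free_failures = free_failures  # wrong guesses allowed before delays start
        self.base_delay = base_delay        # seconds; doubles with each further failure
        self.max_delay = max_delay          # cap on the delay
        self._users = {}                    # username -> (salt, password hash)
        self._failures = {}                 # username -> (failure count, locked-until time)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password, now):
        count, locked_until = self._failures.get(username, (0, 0.0))
        if now < locked_until:
            return "throttled"              # rejected without evaluating the guess
        # Unknown users get a dummy record so they take the same code path.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            self._failures.pop(username, None)
            return "ok"
        count += 1
        delay = 0.0
        if count >= self.free_failures:
            delay = min(self.base_delay * 2 ** (count - self.free_failures), self.max_delay)
        self._failures[username] = (count, now + delay)
        return "denied"

def guesses_evaluated(auth, username, seconds):
    """Constructed scenario: one wrong guess per simulated second."""
    return sum(auth.login(username, f"guess{t}", float(t)) != "throttled"
               for t in range(seconds))

if __name__ == "__main__":
    auth = ThrottledAuth()
    auth.add_user("alice", "correct horse")  # constructed sample account
    print(guesses_evaluated(auth, "alice", 3600), "of 3600 guesses were evaluated")
```

Throttling keyed only on the account name also delays the real owner while guessing is in progress, which is why it is commonly combined with limits keyed on the source address.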
May 3, 2024 09:10

ElCondemn posted:
I was hoping to find other articles explaining how an exploit that's possible through LastPass is mitigated by 1password/whoever.

The other password managers mitigate those issues by not being run by incompetent developers who have a long history of repeatedly getting their product badly compromised and then refusing to learn from it. You're asking for a technical solution to "the developer is a loving idiot who can't secure their security software despite it being their literal job". You're never going to get a decent answer for that because the human factor is really important in security. The question isn't "okay, what theoretical attack vectors are there", it's "why is it that LastPass has been repeatedly compromised and other password managers haven't?" The answer to that question isn't really a matter of technology.
Feb 25, 2018 23:30