Comments
Brute force rarely works.
Why?
Well, starting from my own work: if you try more than 6 times, your account is blocked and it can be unlocked only by an email that has a 32-character-long string that is mandatory in order to make the reset page behave as it is.
So unless your 6th try is correct, you are going to have a bad time, my friend.
arekxv: @nofckingcluedev You aren't blocking access to login by minutes, just by that email???
Your system is actually ripe for brute forcing, as someone can easily make a brute force script which simply works by checking the email, taking that code and entering it when it needs to, and then continuing the brute forcing.
You really should force waits of around 30 minutes or so; it will not destroy brute forcing (because it cannot be stopped, just slowed down), but it will not make it feasible to do on your system.
@arekxv if you try more than the limit, everyone, even with the real password, is locked out.
The only way to access your account is by using a unique reset link that was sent to the user's email account; this email is given by the user when he creates his account.
A unique string is created for every account, and in order to make that link work, you need to have the correct string+email+username+password.
Brute force always works. Period.
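
An added example, not part of the thread or any poster's code: a sketch combining the two controls discussed above, a lock after 6 failed tries with a forced 30-minute wait, plus an emailed 32-character single-use unlock string. The class name, the `outbox` stand-in for the mail system and the choice to store only a hash of the string are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 6         # failed tries allowed before the lock (first comment)
WAIT_SECONDS = 30 * 60   # forced wait suggested in the reply
TOKEN_CHARS = 32         # length of the emailed unlock string


def _digest(token):
    return hashlib.sha256(token.encode()).digest()


class LoginThrottle:
    """Hypothetical per-account lockout: timed wait plus emailed unlock token."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock        # injectable so the timing can be tested
        self._failures = {}        # user -> consecutive failed attempts
        self._locked_until = {}    # user -> time at which the lock expires
        self._token_digest = {}    # user -> SHA-256 of the emailed token
        self.outbox = {}           # stands in for the mail system (assumption)

    def is_locked(self, user):
        return self._clock() < self._locked_until.get(user, 0.0)

    def attempt(self, user, password_ok):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if self.is_locked(user):
            return "locked"        # refused even with the real password
        if password_ok:
            self._failures.pop(user, None)
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= MAX_FAILURES:
            self._failures[user] = 0
            self._locked_until[user] = self._clock() + WAIT_SECONDS
            token = secrets.token_hex(TOKEN_CHARS // 2)   # 128 random bits
            self._token_digest[user] = _digest(token)     # store only the hash
            self.outbox[user] = token
        return "denied"

    def unlock(self, user, token):
        """Lift the lock early if the emailed single-use token matches."""
        stored = self._token_digest.get(user)
        if stored is None or not hmac.compare_digest(stored, _digest(token)):
            return False
        del self._token_digest[user]
        self._locked_until.pop(user, None)
        return True
```

With the timed lock, password guessing against one account is capped at 6 tries per 30 minutes no matter how the unlock email is handled.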