donheff
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Yes, it has happened to me me more than a few times since I am a touch ADD and keep banging away without noticing my caps lock is on But poking around with three tries every few hours is not a dictionary or brute force attack. It might get into an account that used something truly brain-dead like "password123" but would not likely work with even a very weak normal password.This seemed obvious to me as well, but then I thought about the implications. Wouldn't the real user (especially high profile people) just get locked out all the time from the false attempts? As soon as the hour re-try limit was passed, the crooks would hit it again three times.
-ERD50
Dictionary attacks require an ability to pound the server continually with automated logon attempts -- or, (required with sensibly protected sites) pounding away at a stolen copy of the encrypted password file residing on evildoer's server. Then evildoer can logon to any of the accounts whose userIDs and passwords the attack cracks.
Last edited: