Timeline for Why do sites implement locking after three failed password attempts?
Current License: CC BY-SA 3.0
29 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 5, 2016 at 9:24 | comment | added | Calmarius | @MarkRipley Our payroll system requires capitals, regular letters, numbers and special characters and the minimum length 16 characters passwords. And after 3 attampts they permanently lock out you, so you need to contact the payroll company in person to get your account back. Ridiculous. | |
| S Sep 22, 2016 at 3:12 | history | bounty ended | Jon Heller | ||
| S Sep 22, 2016 at 3:12 | history | notice removed | Jon Heller | ||
| Sep 20, 2016 at 17:34 | answer | added | user124863 | timeline score: 3 | |
| Sep 19, 2016 at 13:27 | comment | added | Nivas | @MarkRipley time bound lockout makes sense. | |
| Sep 17, 2016 at 6:29 | comment | added | Mark Ripley | @Nivas: after you have already failed twice, you should be slowing down and watching what you are doing rather than panic typing. Also, usually a lockout is only for some span of time; you might be locked out for an hour, which would limit brute forcing an account to three attempts per hour, and the real user can get back in after an hour (if they can remember their real password by then). | |
| S Sep 15, 2016 at 3:54 | history | bounty started | Jon Heller | ||
| S Sep 15, 2016 at 3:54 | history | notice added | Jon Heller | Authoritative reference needed | |
| S Aug 15, 2015 at 22:32 | history | suggested | kalina | CC BY-SA 3.0 | cleanup, formatting, spelling... meatspace? |
| Aug 15, 2015 at 21:53 | review | Suggested edits | |||
| S Aug 15, 2015 at 22:32 | |||||
| Jun 2, 2011 at 14:11 | answer | added | Vineet Reynolds | timeline score: 10 | |
| Feb 20, 2011 at 11:16 | history | tweeted | twitter.com/#!/StackSecurity/status/39282291515596800 | ||
| Jan 13, 2011 at 16:34 | history | edited | Scott Pack | edited tags | |
| Dec 1, 2010 at 16:38 | vote | accept | Bradley Kreider | ||
| Nov 22, 2010 at 11:39 | answer | added | AviD♦ | timeline score: 8 | |
| Nov 22, 2010 at 10:42 | history | edited | AviD♦ | retagged | |
| Nov 20, 2010 at 1:46 | history | edited | Bradley Kreider | edited tags | |
| Nov 20, 2010 at 0:18 | answer | added | Jose | timeline score: 3 | |
| Nov 19, 2010 at 14:36 | answer | added | AmaDaden | timeline score: 12 | |
| Nov 19, 2010 at 14:14 | answer | added | realworldcoder | timeline score: 38 | |
| Nov 19, 2010 at 13:37 | answer | added | Josh | timeline score: 2 | |
| Nov 19, 2010 at 13:31 | answer | added | Dan McGrath | timeline score: 7 | |
| Nov 19, 2010 at 11:49 | answer | added | Rush Frisby | timeline score: 2 | |
| Nov 19, 2010 at 9:57 | answer | added | itinsecurity | timeline score: 16 | |
| Nov 19, 2010 at 6:34 | answer | added | Zian Choy | timeline score: 77 | |
| Nov 19, 2010 at 4:25 | comment | added | Nivas | I had the same question in my head... and think that 3 is 'not enough': 1. mistype with caps lock on, 2. mistype with caps lock off, 3. mistype in panic that the account might be locked out... | |
| Nov 19, 2010 at 2:32 | answer | added | Gary | timeline score: 18 | |
| Nov 19, 2010 at 1:59 | answer | added | Tate Hansen | timeline score: 22 | |
| Nov 19, 2010 at 0:45 | history | asked | Bradley Kreider | CC BY-SA 2.5 |