
Questions tagged [account-lockout]

0 votes
0 answers
96 views

Let's say there is a system that can set IP ACL for security. If administrator can't bypass IP ACL, account may be locked up when machine or network IP changed. But if administrator can bypass IP ACL, ...
Seongbok Youn
0 votes
2 answers
494 views

Scenario: a user enters his password incorrectly x times, so his account is locked for y minutes. Should I revoke all his refresh tokens? Problems: user is logged out of all devices, not just the one ...
lonix
  • 485
6 votes
3 answers
10k views

My friend's Instagram account has repeatedly been hacked. Someone is gaining access to her account, proceeding to change all the security information to lock her out. Then posts scam ads on her account....
user275680
0 votes
1 answer
164 views

The cable company recently replaced my old gateway/wireless router. After the new gateway was installed (a "Touchstone TG1682G Telephony Gateway", if it matters), both Google and Amazon required ...
fuzzydrawrings
2 votes
1 answer
368 views

Scenario: Person A's normal computer account is personA. They have locked this out with too many bad password attempts. The user is part of the IT group, so they also have an admin account: personA-...
BeckyG
  • 21
0 votes
2 answers
374 views

We have a platform where users can sign up for free using their email addresses (they can also associate social media account). Other than the name, email and social account there is no other personal ...
shobhonk
  • 101
0 votes
3 answers
1k views

If a website has a password change functionality where the user isn't prompted for the current password and the form isn't using tokens to mitigate CSRF attacks, an attacker can easily execute a CSRF ...
HorstKevin
  • 1,448
1 vote
0 answers
162 views

I've noticed a trend in how big companies (Amazon, Skype, and a few others I don't remember in particular) handle e-mail authentication. Rather than e-mailing clickable links with some single-use ...
Alexander
  • 168
2 votes
1 answer
979 views

I created a secondary Facebook account months ago from Argentina. Now I logged back in, and noticed countless logins from RUSSIA and the account is clearly being used by some Russian dude. I logged ...
andreszs
  • 121
3 votes
2 answers
2k views

AFAIK the recommended practice to mitigate brute force attacks is to lock an account down for, say, 15 min (perhaps escalating lockout time if the attack continues afterwards?) after, say, 5 failed ...
gaazkam
  • 6,851
9 votes
2 answers
472 views

According to the Google information page here: https://support.google.com/accounts/answer/6103523 If you don’t have another second step or forgot your password Note: 2-Step Verification requires an ...
knaccc
  • 220
0 votes
1 answer
199 views

I'm building a web app with Flask and I have user accounts that store their passwords in a MySQL String column using werkzeug.security's generate_password_hash() method. I wanted to create a Community ...
mas
  • 297
2 votes
2 answers
1k views

I have a web app. Existing users can invite new users by sending a mail through the web app. If the user fails 4 consecutive times I block the account for 5 minutes. Currently there is no important ...
Emilio Platzer
0 votes
1 answer
406 views

Ok so, we've got a situation here that sounds a bit hopeless, but it's happening right now and we could really use some help. Please bear with me here as I try to explain... Recently, my wife and I ...
FoxEM
  • 29
0 votes
0 answers
129 views

I run a SaaS used by teams to collect company-related information (think something like Crashlytics). Even if the tool lets users invite their colleagues, we often find cases of individuals who ...
gimix
  • 283
