lmao, so obvious but a good thread, seems like this only affects the brain dead ruse people mostly
|
lmao, so obvious but a good thread, seems like this only affects the brain dead ruse people mostly
Not a terrible thread, even if everyone memes on it. Ideally, if you're going to allow saving of credentials, you'd probably want to store some sort of token unique to the machine rather than the actual password.
Don’t forget the servers that store player passwords as plain text. I’ve seen it a million times, always bring it up and nobody ever cares.
Lets not forget that most servers dont add a lockout to invalid logins. End up being able to bruteforce the pw
password should be hashed, never stored and you should have timeouts and 2fa, that's if you're taking security seriously
ok if that is what he meant I can see how it would be an issue if someone is using a list of compromised passwords (that are reused) but the actual act of bruteforcing is not quick, if your password is already on some list you're done for already...
No people don't use long passwords. They are easily bruteforced without any lockout and common pw lists in rsps.
It's as simple as sending loads of login requests with diff passwords until server approves the request
Not limited to this can happen in parallel with X requests per second.
« Previous Thread | Next Thread » |
Thread Information |
Users Browsing this ThreadThere are currently 1 users browsing this thread. (0 members and 1 guests) |