I know, I know, I'm lazy (or maybe I've given up Google for Lent)... but why?
Why doesn't the software/program (IANAP) doing the authentication restrict the amount of times that the password can be entered? Say 10 entries every 10 minutes or similar. And also institute a time delay factor, like there must be a 2-3 second delay between attempts. That would be sufficient leeway for any typos but would seem to me to make a brute force attack unfeasible.
Obviously since this doesn't happen in the real world there must be a good reason. (I mean I know this is implemented for physical input by users on networks, ATMs etc. but why doesn't it work generally and against cracking programs specifically?)
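The policy proposed in the comment above (10 entries per 10 minutes, plus a 2-second gap between attempts), sketched as an added example that is not part of the original post. `LoginThrottle`, `max_guesses` and the account name are hypothetical, and the state is kept in memory per account; the simulation shows how many guesses the policy leaves a client that retries as fast as it is allowed to.

```python
from collections import defaultdict, deque

ACCOUNT = "alice"  # constructed sample account name


class LoginThrottle:
    """Per-account limiter: max_attempts per sliding window, min_gap seconds between attempts."""

    def __init__(self, max_attempts=10, window=600.0, min_gap=2.0):
        self.max_attempts = max_attempts
        self.window = window
        self.min_gap = min_gap
        self._attempts = defaultdict(deque)  # account -> timestamps of accepted attempts

    def retry_after(self, account, now):
        """Seconds until the next attempt would be accepted (0.0 means allowed now)."""
        q = self._attempts[account]
        while q and now - q[0] >= self.window:  # drop attempts that left the window
            q.popleft()
        wait = 0.0
        if q:  # enforce the minimum delay since the last accepted attempt
            wait = max(wait, q[-1] + self.min_gap - now)
        if len(q) >= self.max_attempts:  # window is full: wait for the oldest to expire
            wait = max(wait, q[0] + self.window - now)
        return wait

    def attempt(self, account, now):
        """Accept and record the attempt, or reject it before any password check runs."""
        if self.retry_after(account, now) > 0:
            return False
        self._attempts[account].append(now)
        return True


def max_guesses(throttle, seconds):
    """Count the attempts accepted from a client that always retries at the earliest moment."""
    t, accepted = 0.0, 0
    while t < seconds:
        wait = throttle.retry_after(ACCOUNT, t)
        if wait > 0:
            t += wait  # skip ahead to the first moment the policy allows
            continue
        throttle.attempt(ACCOUNT, t)
        accepted += 1
        t += throttle.min_gap
    return accepted


if __name__ == "__main__":
    print("guesses accepted per day:", max_guesses(LoginThrottle(), 86400))
```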
As aztracker1 says "an individual will generally remember it their way". And to add to that I would think that having multiple variations of common phrases would actually increase the security since it increases the variables needed for a word based dictionary attack.
You could also increase security by deliberately skewing (misspelling, addition, subtraction etc.) the use of a common phrase in a way that is easily remembered.
Writing your own dictionary are you? I consider myself an atheist, which means 'disbelief in the existence of God or gods' (Concise Oxford) from the Greek 'atheos' without god. That's a negative principle - a lack of belief. It doesn't imply any positive belief in anything else. By your logic I would be the person with the most religions in the world since everything I don't believe in would count as a religion.
So I guess that makes me an Anti-PinkFlyingElephanter, a member of the Temple of no Leprechauns, layman of the Church of NoLittleGreenMen, devotee of the Ministry of ThereAreNoIdiotsPostingOnSlashdot, oh wait...
WYIAA/.A
Anyone care to point me to a good explanation?
Ta
Thinking about this - I wonder if biometric security gets good enough that it becomes too difficult / expensive for most criminals to hack will it lead to an increase in assault and kidnapping?
I imagine life could get quite hellish for that segment of society that is rich enough to be worth targeting but not rich enough to afford a team of bodyguards.
Hey it could make gloves fashionable again! Think of the social customs that might revive.
I've often thought if you flipped that around - 'and man created God in his own image' - that it explains so, so much about religion.
you're missing the obvious predecessor - Hardon Duron Durex