

Question

I am into bitcoin right now, and the password threats scare me a little...

Not so much for me, because I use LastPass and generate new passwords at 20 characters and it includes symbols, upper and lower case letters as well as numbers. However, I know that we are nearing a time where 100 billion passwords a second can be attempted as a brute force, and I was thinking about the amount of people who use Teddy567 or qwertyqwerty for passwords, and I think to make the internet safer we should come up with a way to stop brute force attacks.

So, can you help me to understand why sites can't implement a 3-second delay or, hell, even a 1-second delay on any missed password? This would, in my mind, totally end all brute force attacks. It also would not even be noticeable by humans.

Why don't sites implement a system where a wrong password causes a 3 second delay?

Explanation / Answer

Generally, locking accounts as proposed by raz is a very bad thing - it leads to helpdesk load, annoyed customers, and is not needed to actually prevent brute force attacks.

Temporary suspensions are used by more and more systems, often some delay that foils brute force, like 5 or 30 minutes, or by using an escalating scale, e.g. doubling the timeout each failed login attempt.
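
The escalating timeout described in the answer above, sketched as an added example that is not part of the original answer or any particular site's code. The names `LoginThrottle`, `attempt_login` and `verify`, the 1-second starting delay and the `free_attempts` allowance are assumptions made for illustration; the 30-minute cap is taken from the answer's upper figure.

```python
import time

class LoginThrottle:
    """Per-account temporary suspension whose timeout doubles on each failure."""

    def __init__(self, base_delay=1.0, max_delay=1800.0, free_attempts=0,
                 clock=time.monotonic):
        self.base_delay = base_delay        # first suspension in seconds (assumed)
        self.max_delay = max_delay          # cap: 30 minutes
        self.free_attempts = free_attempts  # failures tolerated before any delay
        self.clock = clock                  # injectable so the logic can be tested
        self._state = {}                    # account -> (failures, locked_until)

    def retry_after(self, account):
        """Seconds still to wait; 0.0 means an attempt is allowed now."""
        _, locked_until = self._state.get(account, (0, 0.0))
        return max(0.0, locked_until - self.clock())

    def record_failure(self, account):
        """Count one wrong password and return the suspension now in force."""
        failures = self._state.get(account, (0, 0.0))[0] + 1
        over = failures - self.free_attempts
        if over <= 0:
            delay = 0.0
        else:
            # Exponent is bounded so a long failure streak cannot overflow a float.
            delay = min(self.max_delay, self.base_delay * 2 ** min(over - 1, 30))
        self._state[account] = (failures, self.clock() + delay)
        return delay

    def record_success(self, account):
        """A correct login clears the failure history for that account."""
        self._state.pop(account, None)

def attempt_login(throttle, account, password, verify):
    """Return (ok, wait_seconds). The password is never checked while suspended,
    so guesses made during a suspension reveal nothing and do not extend it."""
    wait = throttle.retry_after(account)
    if wait > 0:
        return False, wait
    if verify(account, password):
        throttle.record_success(account)
        return True, 0.0
    return False, throttle.record_failure(account)
```

State here is kept per account in process memory; a deployment with several servers needs it in shared storage. A per-account counter also does nothing against guesses spread across many accounts, so it is usually paired with per-source limits.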