An email went around the Engineering department at work discussing security and keyed hashes. We take security seriously, but that doesn’t mean we can’t joke around. A VP responded to the security email by suggesting we could prevent the vulnerability outlined in the referenced article by disabling logins for accounts that have more than 1 trillion login failures.
Being the contrarian that I am, I had to throw in my two cents about his proposed solution:
It’s frustrating when you try to log in a trillion times, can’t remember your password, get locked out, and then have to contact support to get your account unlocked.
The number of login attempts should definitely be set to a more reasonable number, like a googol. If I can’t guess my password in 10,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 attempts, I’ll probably break down and contact support.
I thought it was worth sharing because it’s not every day I get a chance to use googol in a sentence.