How does that stop a brute force attack? As written, it only stops the single luckiest brute force attack that happens to get the password right on their first try.
It wouldn’t stop most brute force attacks, which are not performed on the live web service, but rather on a password hasb list that was stolen via some other means.
How does that stop a brute force attack? As written, it only stops the single luckiest brute force attack that happens to get the password right on their first try.
You can’t really prevent a brute force attack. Even if you prevent it from one IP or so, you can still do “distributed” brute force attacks.
Also only allowing one password per 5 seconds or so per IP will not work if you have lots of users and they are at work and have the same IP.
It wouldn’t stop most brute force attacks, which are not performed on the live web service, but rather on a password hasb list that was stolen via some other means.