![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
johnridleyA recent event reminded me of something that I've been wondering about for years:
Given the prevalence of "3 strikes and you're out" login pages, where if you fail to input the correct password 3 times, your account is locked and you have to go through a sometimes painful and always time consuming process to get it unlocked, why do we not see this emerging as an attack vector, either to just be a general pain in the butt or to specifically bother one person?
If I know the person's account name, which is quite likely on things like online forums, I can easily lock their account by simply entering the wrong password for them 3 times. If I do it from a public computer, or through an open wifi connection, it probably can't be traced back to me?
I don't think I'm exactly the nastiest person on the planet, so if I thought of this years ago, why is it not happening a lot? Maybe it is, and it's just too small potatoes to get press?
Given the prevalence of "3 strikes and you're out" login pages, where if you fail to input the correct password 3 times, your account is locked and you have to go through a sometimes painful and always time consuming process to get it unlocked, why do we not see this emerging as an attack vector, either to just be a general pain in the butt or to specifically bother one person?
If I know the person's account name, which is quite likely on things like online forums, I can easily lock their account by simply entering the wrong password for them 3 times. If I do it from a public computer, or through an open wifi connection, it probably can't be traced back to me?
I don't think I'm exactly the nastiest person on the planet, so if I thought of this years ago, why is it not happening a lot? Maybe it is, and it's just too small potatoes to get press?
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2009-11-09 09:46 pm (UTC)no subject
Date: 2009-11-10 01:50 am (UTC)no subject
Date: 2009-11-10 02:18 am (UTC)