January 13, 2008

3 failed login attempts block your account—a good idea?

On some well-known websites, you log in to your account with a username and password. If you enter the wrong password 3 times, your account is blocked, and you have to call a customer service representative to get a new password before you can log in again. Is a policy of blocking an account after 3 failed login attempts a good idea?

Just imagine this situation. Suppose a hacker who is very familiar with a tool for trying different usernames and passwords uses it against ABC Company for 2 hours. Do you think it would be easy for him to block other people's accounts? Do you think the account owners would blame ABC Company?
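The situation above, replayed as an added example (not code from the original post): the 3-failure policy is applied to a constructed event list to show which owners are refused with a correct password and which single source blocked several accounts. The event data, function names and the counter reset on a successful login are assumptions.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 3  # the "3 failed login attempts" policy from the post

# Constructed sample events: (source address, username, password_correct).
# Addresses are from documentation ranges; usernames are made up.
EVENTS = (
    [("198.51.100.7", "alice", False)] * 3
    + [("198.51.100.7", "bob", False)] * 3
    + [("192.0.2.10", "carol", False), ("192.0.2.10", "carol", True)]
    + [("198.51.100.7", "carol", False)] * 2
    + [("192.0.2.11", "alice", True), ("192.0.2.12", "bob", True)]
    + [("192.0.2.13", "dave", False)] * 3
)


def replay(events, threshold=LOCKOUT_THRESHOLD):
    """Replay events in order under the lockout policy.

    Returns (locked, refused_owners): locked maps each blocked username to the
    sources of the failures that blocked it; refused_owners lists users whose
    correct password was refused because the account was already blocked.
    Assumption: a successful login resets the failure counter.
    """
    failures = defaultdict(list)
    locked, refused_owners = {}, []
    for source, user, ok in events:
        if user in locked:
            if ok:  # right password, but the account is already blocked
                refused_owners.append(user)
            continue
        if ok:
            failures[user].clear()
            continue
        failures[user].append(source)
        if len(failures[user]) >= threshold:
            locked[user] = list(failures[user])
    return locked, refused_owners


def sources_locking_many(locked, min_accounts=2):
    """Group lockouts by source; keep sources that alone blocked several accounts."""
    by_source = defaultdict(list)
    for user, sources in locked.items():
        if len(set(sources)) == 1:
            by_source[sources[0]].append(user)
    return {s: sorted(u) for s, u in by_source.items() if len(u) >= min_accounts}
```

With the constructed events, dave blocks himself by mistyping, while alice and bob are blocked by one source they never used and are then turned away with the right password.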

