Tuesday, April 19, 2016

[otuodiyg] Adjusting the number of failed password attempts

For authentication systems that do something drastic after a number of consecutive failed password attempts (e.g., iPhone wipes the device), let the threshold number be adjustable higher by the user.  It could also be automatically adjusted based on the length of the password.  Should the threshold number be linear or exponential in the length?

Inspired by needing to type a long password on an flaky input device which often dropped keystrokes.

No comments :