Yeah this is like 85% the users fault. If the website stores passwords in plaintext, it’s their fault. If the user used “password” as a password it’s their fault. The site could have been more helpful by having a cool down between incorrect passwords and monitor of failed attempts.
What you are describing kind of seems like 85% the site’s fault. Having no lock after failed attempts is a pretty epic fail. That combined with lax password requirements leaves the whole thing open to brute force.
Yeah this is like 85% the users fault. If the website stores passwords in plaintext, it’s their fault. If the user used “password” as a password it’s their fault. The site could have been more helpful by having a cool down between incorrect passwords and monitor of failed attempts.
What you are describing kind of seems like 85% the site’s fault. Having no lock after failed attempts is a pretty epic fail. That combined with lax password requirements leaves the whole thing open to brute force.
Woosh !