Brute force prevention - as has been pointed out above by everyone else - is necessary. However, like all security measures, it has to be applied in the right amount.

For instance, my work has policies on the Windows Active Directory logins. There is a maximum of three failed attempts in an hour. Additionally, passwords must be changed every 90 days, and there are fairly tight restrictions on what passwords can be.

This might seem reasonable, but when you add in the fact that many applications in the company use Active Directory as their authentication system, you see that users can easily legitimately enter their password incorrectly more than three times in an hour, locking out their accounts. A policy closer to 20 (or even 50) attempts in an hour would seem much more reasonable to me - it would almost eliminate the number of locked out accounts, while not really making it easier to brute force.

If your security is overzealous, it will cause legitimate users to find ways to circumvent it - just so they can get some work done. If this happens, you know your security measures are failing.

In reply to Re: Why do you have to worry about Brute Force Attacks? by Mutant
in thread Why do you have to worry about Brute Force Attacks? by Anonymous Monk
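An added example, not part of the original post: a sliding-window lockout counter run over a constructed list of failed logons for one user, comparing the thresholds the post mentions (3, 20, 50 per hour) and the online guessing rate each leaves an attacker against a single account. The function names, the sample timestamps, the 10-million-candidate list and the "lock when failures exceed the threshold" semantics are assumptions of this example.

```python
from collections import deque

WINDOW = 3600  # seconds; the post's "in an hour"

def first_lockout(failure_times, threshold, window=WINDOW):
    """Return the timestamp of the failure that locks the account, or None.

    Assumed semantics: `threshold` failures are tolerated inside any
    `window`-second span; one more failure in that span locks the account.
    """
    recent = deque()
    for t in sorted(failure_times):
        recent.append(t)
        # Forget failures that have aged out of the sliding window.
        while t - recent[0] >= window:
            recent.popleft()
        if len(recent) > threshold:
            return t
    return None

def max_guesses_per_day(threshold, window=WINDOW):
    """Most guesses per day against one account that never trip the lockout."""
    return threshold * (86400 // window)

def days_to_try(candidates, threshold, window=WINDOW):
    """Days needed to try every candidate password at that throttled rate."""
    rate = max_guesses_per_day(threshold, window)
    return -(-candidates // rate)  # ceiling division

# Constructed sample: seconds since a user's 90-day password change.
# One typo at the desktop, then several AD-backed applications retrying
# with the old saved password.
SAMPLE_FAILURES = [0, 300, 600, 900, 1500, 2400]

if __name__ == "__main__":
    for threshold in (3, 20, 50):
        locked = first_lockout(SAMPLE_FAILURES, threshold)
        print(f"threshold {threshold:>2}: "
              f"lockout at {locked}, "
              f"{max_guesses_per_day(threshold)} guesses/day, "
              f"{days_to_try(10_000_000, threshold)} days for 10M candidates")
```
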
