Re^2: Why do you have to worry about Brute Force Attacks?

If they don't, there's always the "forgot password" link that all good sites (should) have.

So now, instead of cracking a secure password, all the bad guys (or your nosey neighbours) have to do is find out your dog's name, mother's maiden name, or some other easy to learn (or guess) response?

I think those links are handy. I don't pretend any system "protected" by them is secure. They're like a locked front door with the key hidden under the doormat by the back entrance; not as secure as they really appear.

Comment on Re^2: Why do you have to worry about Brute Force Attacks?

Replies are listed 'Best First'.
Re^3: Why do you have to worry about Brute Force Attacks? by eric256 (Parson) on Sep 27, 2006 at 19:02 UTC
Err most of the ones i've used email you the new password after checking the right answer. So they would have to know your dogs name and have access to your email. ___________ Eric Hodges	[reply]
Re^4: Why do you have to worry about Brute Force Attacks? by Anonymous Monk on Sep 27, 2006 at 20:53 UTC
Err most of the ones i've used email you the new password after checking the right answer. So they would have to know your dogs name and have access to your email. Email is sent out in plaintext over the network, remember?	[reply]
Re^5: Why do you have to worry about Brute Force Attacks? by eric256 (Parson) on Sep 27, 2006 at 22:58 UTC
Passwords to 99% of websites are sent out over the web in plaintext...remember? If you have access to my network then I'm going to assume that any of my web based transactions are open to you (save the banks and few other websites that have gone secure.) ___________ Eric Hodges	[reply]