Hello!
We have a client who is asking us to implement a security feature that would not allow people to be able to attempt to login after 3 failed attmepts. He is worried about someone being able to write a script that can just run through usernames and passwords until it gets a matching set and then they have access to his site unbeknownst to us.
First question: Is it even possible for someone to write such a script?
Second question: If this is a real security threat, how come nobody else out there seems worried about it...i.e. my bank, PayPal, etc?
Third question: If this is a real security threat, any ideas on how to thwart it?
Thanks,
-Greg
We have a client who is asking us to implement a security feature that would not allow people to be able to attempt to login after 3 failed attmepts. He is worried about someone being able to write a script that can just run through usernames and passwords until it gets a matching set and then they have access to his site unbeknownst to us.
First question: Is it even possible for someone to write such a script?
Second question: If this is a real security threat, how come nobody else out there seems worried about it...i.e. my bank, PayPal, etc?
Third question: If this is a real security threat, any ideas on how to thwart it?
Thanks,
-Greg