We have those. 5 attempts lock out for an hour, ten and your account is disabled until you call AppleCare and confirm your ID. You know I love this place and all of you great people but this thread really freaked me out for some reason. I'm going to stay out of this discussion because reasons, but yeah.
Wow. Thanks for telling us how you're NOT going to contribute. And for telling us why. Super helpful.
Our work computers have 3 or 5 attempts at the password; if you get it wrong that many times, the IT guy has to come and unlock it.
For the online services I run right now, we subscribe to the exponential delay. First time you forget, you have to wait 1 second. Then 2. Then 4. Then 8. Then 16. Then 32. And so on. The problem with account lockouts like that is that that, in itself, can be used as a DOS attack. If we implemented that here, I could write a script that would randomly try and log in as Scootah, or Binary, or Juice, etc., to the point that I'd never get their password, but their accounts were locked out almost all the time. Sometimes getting in isn't the end-game, it's keeping the others out.
See, that's why I don't like exponential policies. I also hate the usual 3 or 5 attempts before an IT guy - for brute forcing, a few hundred attempts is still extremely low probability risk. There are almost no circumstances in valid usage where there's ever going to be 100 genuine failed attempts in a five hundred second window. With iOS devices, it takes more than 5 seconds to put a decent password in anyway. 10 minutes to cool down and stop rage entering the same password over and over again will remind anyone who has persisted that long that they used the other password for their phone, and if there's a thousand bad attempts? There's either a broken app that needs tech support or a threat that needs intervention. And if someone is DoS'ing a lockout policy? They were going to be dicks no matter what - at least having a lockout trigger an investigation lets network ops start screening malicious traffic.
The thing about an exponential delay though is that it causes a delay in the attacking server and gets them a reduced ROI. I've seen it happen with some of the EA online stuff I was doing... we'd get attacked, and as fast as accounts got locked they were onto another one. It seemed like their goal was to just lock out as many accounts as they could, as quickly as they could... not infiltrate or gain entry to the system. Once we implemented the exponential delay, less than 1/10 of the accounts ended up locked before we could analyze and react to the attack at a network level compared to the 5-and-out scenarios. It all comes down to what your threat assessment is and what your attack vectors look like... there is no universal "right" answer, as far as I'm concerned, and it all depends on your specific context. In some cases, 5-and-out works. In others, exponential delay works.
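The two policies argued over in the posts above, written out as an added example (my own code, not anything from the thread or from the services mentioned): a per-account exponential delay beside a hard N-strikes lockout, both behind one gate function. Class and function names and the 600 s cap are my own choices.

```python
from dataclasses import dataclass, field

@dataclass
class ExponentialDelay:
    """Per-account exponential back-off: 1 s, 2 s, 4 s, ... after each
    failure, capped so a long attack cannot push the delay out to days."""
    base: float = 1.0
    cap: float = 600.0
    state: dict = field(default_factory=dict)  # account -> (failures, not_before)
    def retry_after(self, account, now):
        """Seconds the caller must still wait before an attempt is accepted."""
        _, not_before = self.state.get(account, (0, 0.0))
        return max(0.0, not_before - now)
    def record_failure(self, account, now):
        count = self.state.get(account, (0, 0.0))[0] + 1
        delay = min(self.base * 2 ** (count - 1), self.cap)
        self.state[account] = (count, now + delay)
        return delay
    def record_success(self, account):
        self.state.pop(account, None)  # a good login resets the counter

@dataclass
class HardLockout:
    """N consecutive failures lock the account for a fixed period (the
    '5 attempts, locked for an hour' policy mentioned in the thread)."""
    max_failures: int = 5
    lock_seconds: float = 3600.0
    state: dict = field(default_factory=dict)  # account -> (failures, locked_until)
    def retry_after(self, account, now):
        _, locked_until = self.state.get(account, (0, 0.0))
        return max(0.0, locked_until - now)
    def record_failure(self, account, now):
        count = self.state.get(account, (0, 0.0))[0] + 1
        locked_until = now + self.lock_seconds if count >= self.max_failures else 0.0
        self.state[account] = (count, locked_until)
        return max(0.0, locked_until - now)
    def record_success(self, account):
        self.state.pop(account, None)

def attempt(policy, account, password_ok, now):
    """Gate one login attempt: 'wait' (refused, counter untouched), 'ok' or 'fail'."""
    if policy.retry_after(account, now) > 0:
        return "wait"
    if password_ok:
        policy.record_success(account)
        return "ok"
    policy.record_failure(account, now)
    return "fail"
```

Both policies key on the account name alone, which is exactly what lets a third party keep someone else locked out as described above; keying the counter on (account, source address) or adding a step-up check instead of a flat refusal limits that collateral damage.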
No but seriously though...is it on reddit yet? Also, the Onion quietly launched a fake Buzzfeed "news blog" site called Clickhole. They wrote this hilarious piece. http://www.clickhole.com/article/other- ... eir-pe-903 Just going to quote and spoil it here for the lazy.
Maybe people will start to learn that anything electronic can be hacked or stolen. Maybe it's time to start taking nude pics with Polaroids again. It seems the internet/electronic sources are just a treasure trove for hackers. Most people, the vast majority, have no idea what's going on out there and are just out there, almost helpless against someone trying to get their info.
It makes me sad seeing all these people outraged over the loss of a celebrity's privacy, yet they don't give a flying fuck about our government saving ANYTHING connected to the internet. http://nsa.gov1.info/utah-data-center/
What's Fappening? I see that the PCF returned all the donations received from Reddit's fappening link. I wonder what organization would take those dollars now. I never saw the Kaley Cuoco ones, but she responded with a jab on Twitter by posting a pixelated photo of herself. Several of the celebrities are responding - how long before The Fappening screenplay gets sold?
Re: What's Fappening? Now I know it's sexist and "rape culture-y" to say that these actresses should just laugh this off, but I can say I HOPE they are laughing this off like some of them are. Also, the few Kaley Cuoco ones I saw were pretty much rated R or low quality.
There are so many logical fallacies in this douchebag's article it makes my head hurt. http://terribleminds.com/ramble/2014/09/02/a-psa-about-nude-photos/
Re: What's Fappening? I see your point. But not every actress was represented equally. Bar Rafaeli's asshole was gaping and she was penetrating herself. Jennifer Lawrence, while having the most tasteful photos, was incredibly exposed. Kate Upton was very exposed too. A lot of the others are just body parts that the neckbeard army was able to link together through birthmarks and jewelry. Generally unprovable photos of vaginas that could literally be anyone. There were tons of pictures, but only a few were of super duper famous women. Doesn't make it better or worse. But I don't think it's something easy to laugh off.
Re: What's Fappening? That's what I meant with my Kaley Cuoco comment, she's laughing it off but none of her pictures really showed anything. I just hope that this isn't something that stays with them for a long time, I hope eventually they can laugh it off. It would suck if some of them had to go to more therapy than they already do because of this.