DEV Community

Discussion on: Authentication vulnerabilities

Jakub Narębski

Two things that are missing: first, to protect against a brute-force attack it is good to institute a delay in the authentication process that is negligible at first, increasing the delay after several failed attempts (perhaps only for a given IP).

Second, if a password complexity rule prevents the user from using a password manager, it is not a good rule.
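The escalating delay described in the comment above, as an added example that is not the commenter's code or the article's: every attempt pays a small fixed delay, and once a key (here the client IP, as the comment suggests) has accumulated a few failures the delay doubles per further failure up to a cap, resetting on success or after an idle window. The class and function names, the PBKDF2 storage format, the `DUMMY_HASH` used to give unknown usernames the same cost as wrong passwords, and all numeric parameters are assumptions made for this example; the clock and sleep functions are injectable so the behaviour can be checked without actually waiting.

```python
import hashlib
import hmac
import os
import time


def hash_password(password: str, iterations: int = 100_000) -> str:
    """PBKDF2-SHA256 in 'salt$iterations$digest' form (hex). Format is an assumption."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, iterations, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


# Checked against when the username is unknown, so a missing account costs the
# same time as a wrong password (no username enumeration by timing). Hypothetical value.
DUMMY_HASH = hash_password("placeholder-not-a-real-password")


class FailedLoginBackoff:
    """Per-key (here: client IP) escalating delay. Hypothetical helper.

    Every attempt waits `base_delay`. Once a key has `threshold` failures inside
    `window` seconds, the delay doubles per further failure up to `max_delay`.
    A success, or an idle period longer than `window`, resets the key.
    """

    def __init__(self, base_delay=0.05, threshold=3, max_delay=30.0,
                 window=900.0, clock=time.monotonic):
        self.base_delay = base_delay
        self.threshold = threshold
        self.max_delay = max_delay
        self.window = window
        self.clock = clock
        self._failures = {}  # key -> (failure count, time of last failure)

    def delay_for(self, key) -> float:
        rec = self._failures.get(key)
        if rec is None:
            return self.base_delay
        count, last = rec
        if self.clock() - last > self.window:
            del self._failures[key]  # stale record: start over
            return self.base_delay
        if count < self.threshold:
            return self.base_delay
        return min(self.base_delay * 2 ** (count - self.threshold + 1), self.max_delay)

    def record_failure(self, key) -> None:
        count, _ = self._failures.get(key, (0, 0.0))
        self._failures[key] = (count + 1, self.clock())

    def record_success(self, key) -> None:
        self._failures.pop(key, None)


def authenticate(username, password, client_ip, backoff, users, sleep=time.sleep):
    """Return (success, delay_applied). `users` maps username -> stored hash."""
    delay = backoff.delay_for(client_ip)
    sleep(delay)  # applied before the check, so a lucky correct guess pays the delay too
    stored = users.get(username)
    ok = verify_password(password, stored if stored is not None else DUMMY_HASH)
    ok = ok and stored is not None  # an unknown user never succeeds
    if ok:
        backoff.record_success(client_ip)
    else:
        backoff.record_failure(client_ip)
    return ok, delay


if __name__ == "__main__":
    # Constructed demo: seven wrong guesses from one address (RFC 5737 documentation IP).
    users = {"alice": hash_password("correct horse battery staple")}
    backoff = FailedLoginBackoff(base_delay=0.05, threshold=3, max_delay=2.0)
    for attempt in range(1, 8):
        ok, waited = authenticate("alice", f"guess{attempt}", "203.0.113.7", backoff, users)
        print(f"attempt {attempt}: ok={ok} waited={waited:.2f}s")
```

The delay is computed and paid before the password is checked, so the attacker's cost grows whether or not a particular guess is right, and the state is keyed by whatever string is passed as `client_ip`; the same class can be keyed by username, or by both, if throttling per address alone does not fit the deployment.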