Page 1 of 1

How to protect from password guessing?

Posted: Thu Apr 25, 2024 12:43 pm
by szept

My password for Easy startup is quite easy, hence probably relatively easy to crack, even by manual typing one go after another. Is it possible to maybe add (if it's not already there) a function to block it after certain number of failed trials? I'd propose to disable startup for 24 hours after 3 fails of password. Also, I wouldn't necessarily put an info saying it will be anabled again, because the rightful user will know it, so after the first fail the info could be: "Password incorrect - 2 more attempts before ban" (couldn't find more appropriate word...), then after 3rd fail a message "Startup locked" and nothing more. Then the startup would allow user to try login after 24h, maybe with a message that it has been locked previously. Just a thought. Obviously, in case of a serious cracking, some1 could buy lots of pendrives, DD-copy EasyOS and try for infinity without any downtime, but I'm not talking about this kind of case.

Cheers,
Damian


Re: How to protect from password guessing?

Posted: Thu Apr 25, 2024 5:40 pm
by Flash

I think that limiting password tries to, say, one each 15 seconds would be enough to discourage most crackers. 15 seconds isn't too long to wait before you can try again if you just mistyped a character, but someone who's trying to guess passwords might consider going into a different line of work if he was only allowed 4 guesses a minute.