I’ve always thought that the best password security possible would be to always have the real password fail a few times. People who know their password will keep trying it, someone else will try a different one. It’s a variation of not giving an error that tells what failed.
I used to spoof the login page of my campus freenet, fail the first login, store the password and then jump to the actual page. End of the day I just go around the lab harvesting.
I’ve always thought that the best password security possible would be to always have the real password fail a few times. People who know their password will keep trying it, someone else will try a different one. It’s a variation of not giving an error that tells what failed.
This is delightfully evil
I used to spoof the login page of my campus freenet, fail the first login, store the password and then jump to the actual page. End of the day I just go around the lab harvesting.
To what end? What benefit was there in having people’s campus logins?
Can’t imagine. Give me your bank login credentials and I’ll let you know.