Yes, that's *the* best way to prevent account hijacking, in my opinion. Or block... | Hacker News

Hacker Timesnew | past | comments | ask | show | jobs | submit

		nx on March 29, 2009 \| parent \| context \| favorite \| on: Haddock: Built because I want web apps to make pas... Yes, that's the best way to prevent account hijacking, in my opinion. Or block the IP for 30 minutes after 5 failed logins, that renders any dictionary attack terribly inefficient.

eru on March 30, 2009 [–]

Better to switch to a captcha. Banning might provoke DoS attacks.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact