Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
the_gipsy
on Oct 9, 2021
|
parent
|
context
|
favorite
| on:
Gmail password first character is case insensitive...
Even if it’s encrypted, they could send both forms.
Edit: not a good idea.
squeaky-clean
on Oct 9, 2021
[–]
I'm no security expert, but this would let someone try two unrelated passwords at once and so probably wouldn't be done client-side.
iso1210
on Oct 9, 2021
|
parent
|
next
[–]
In practice is there really any difference between allowing a client to try 10 passwords before 'lock out' (say no more attempts for 10 minutes), or try 5 passwords before hand.
the_gipsy
on Oct 9, 2021
|
parent
|
prev
[–]
Ouch, you are right.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Edit: not a good idea.