isFirstSuccessfulLoginAttempt
Important distinction.
Yeah, as it is it only works if the brute force algorithm gets it on the first try.
Boho sort is O(1) in the best case scenario
SessionSuccessfulLogins == 1
Even worse the silent invalidation of a correct password.
Use password manager.
Can’t log in, because “password is incorrect”… Fuck you! It is not! I copied in the same fucking thing as months before! If you want to force me to change it then say it! Asshole!
sorry, but your new password cannot be the same as your current one.
How does this ‘kinda work’?
It rejects the first [correct] login attempt (it’s worded poorly). It assumes that a brute force attacker will try any given password once and move on, while a human user will think they made a typo and try again. This works until the attacker realizes that it takes two attempts, in which case it merely doubles the attempts required to breach the account, and simply requiring an additional password character would be vastly more effective.
What a shitty user experience for regular users.
which is why they made a comic instead of a revolutionary thought leading blog post
Hey now, I’m sure there’s someone on LinkedIn suggesting this exact thing with layers of corporate speak.
Just like captcha
Agreed, and also makes it readily known that that is what you are doing.
The sneakier more user friendly way to implement it would be to require the second correct attempt only if the user has made an incorrect attempt since the last successful login.
Yup it’s like how software companies will get a hate on for pirates and take it out on their loyal paying cutosmers
Look, we all need to pay a little for the greater good of security.
/s
I swear Microsoft does that.
At least make it
if !isPasswordCorrect || isFirstTryguard isFirstAttempt { return LoginError(); }
Center guy’s hair got visibly lighter from the stress
The only part that works is that I get to keep my trust issues.
Is this Tron: Ares?
Removed by mod
