Originally Posted by
mikejeep
Will it actually let you log in after 5 attempts? Some sites will keep showing a generic "wrong password" message even though you've actually been locked out -- which I think could be considered a more secure approach. If not.. yikes..
Heh... you are right. I just did some brute force testing and now I have to come up with a new password since I don't remember which one I used anymore
(To do this test I created a new password, then I intentionally used variations of it to try and log in unsuccessfully. After several tries I used the correct password and received the same error.)
So I guess they [think they] know what they're doing.
-J.