Is it viable to defend against brute force attacks by rejecting correct passwords?

(found on reddit)
[translation: the website is programmed to reject the login if it is the correct password and if it is the first login attempt]
Assume that the scheme is to reject the first correct login attempt – because otherwise it d…

The First Password on the Internet

It was created in 1973 by Peter Kirstein:

So from the beginning I put password protection on my gateway. This had been done in such a way that even if UK users telephoned directly into the communications computer provided by Darpa in UCL, they would require a password.

In fact this was the first password on Arpanet. It proved invaluable in satisfying authorities on both sides of the Atlantic for the 15 years I ran the service – during which no security breach occurred over my link. I also put in place a system of governance that any UK users had to be approved by a committee which I chaired but which also had UK government and British Post Office representation…

Why does one have to hit enter after typing one’s Windows password to log in, while it’s not necessary to hit enter after typing one’s PIN?

I’ve noticed that on Windows 10, one has to hit enter after typing one’s Windows password to log in, while it’s not necessary to hit enter after typing one’s PIN. Is there a security reason for it?

Typing one’s Windows PIN to log in:

Typing one’s W…

Why are obscurantist approaches to improving password hashing security ineffective? [closed]

For websites that have nothing of value nor any personal data, that only have emails and hashed passwords, the only motivation for attackers (except those who just want to be locally disruptive) is to break passwords that people might reus…