Suggestion - ignore repeated passwords

When I get a password wrong the first thing I do is assume I typed it 
incorrectly and repeat it. If the password is complex I may make several 
attempts at the same password and they may well all be identical.

A feature I would like to see is that this be detected and repeated 
identical passwords count as only one attempt as far as stepping me 
towards being locked out.

Also I suggest a "x retries left" type informational message be given 
when a wrong password is entered.

Li
0
Li
2/21/2014 1:32:44 AM

Hi,

Am 21.02.2014 02:32, schrieb Li:
> A feature I would like to see is that this be detected and repeated
> identical passwords count as only one attempt as far as stepping me
> towards being locked out.

it may very well be that I've missed this completely, but is such a
"lock out" feature even planned? To the best of my knowledge it isn't
and to be quite honest, I'm not even sure whether it would make any sense.

I think the assumption was that the encrypted identity could be accessed
anyway and we focused on making sure that this aspect is "safe".

Best regards,
Karol Babioch


0
Karol
2/21/2014 2:49:28 AM
On 2014-02-20 18:49, Karol Babioch wrote:
> Am 21.02.2014 02:32, schrieb Li:
>> A feature I would like to see is that this be detected and repeated
>> identical passwords count as only one attempt as far as stepping me
>> towards being locked out.
>
> it may very well be that I've missed this completely, but is such a
> "lock out" feature even planned? To the best of my knowledge it isn't
> and to be quite honest, I'm not even sure whether it would make any sense.
>
> I think the assumption was that the encrypted identity could be accessed
> anyway and we focused on making sure that this aspect is "safe".

Things like increasing password delays make sense in the context of 
hardware dongles and the like, where the data being accessed isn't 
available to an adversary in binary form, but is being accessed via some 
kind of API.

I don't know whether such dongles would have timer hardware to do things 
like limit authentication attempts in a given time period, but they 
might be able to approximate the effect of a timer by keeping a count of 
bad password attempts, and enter into some computation loop or wait 
state that depends on how many bad authentication attempts have happened 
since the last good authentication attempt.

Different threat models may be worth thinking about on relatively secure 
mobile platforms, FWIW. On a PC it is safe to assume that an adversary 
with access to the SQRL app's interface also has the option to 
brute-force the encrypted blob directly, but smart-phones do vary in how 
easy it is to grab the data used by apps and how well they confine apps 
to their own sandbox.

Regards,
Sam
0
Sam
2/21/2014 4:16:51 AM
[for the unabridged version, see Karol Babioch's post above]

> it may very well be that I've missed this completely, but is
> such a "lock out" feature even planned? To the best of my
> knowledge it isn't and to be quite honest, I'm not even sure
> whether it would make any sense

No.  I have no plans to lock out anyone guessing.  The idea has 
always been to delay EVERY password input in such a fashion that 
it cannot be practically accelerated.

And in the case of the very short (default 4 character) password 
hint... we have a zero-tolerance policy on that, such that a 
single incorrect entry results in all in-RAM unencrypted data 
being overwritten and the user then re-prompted for their full 
strength password.

-- 
________________________________________________________________
Steve.               Working on moving the SQRL project forward.
0
Steve
2/21/2014 6:12:10 PM
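
The two behaviours described in the last post, sketched as an added example that is not part of the thread and is not SQRL code: every full-password attempt pays the same key-derivation cost with no attempt counter, and one wrong short hint overwrites the in-RAM key. The use of scrypt, its parameters, the XOR-plus-HMAC wrapping (a stand-in for a real authenticated cipher) and all names are assumptions.

```python
import hashlib, hmac, os

HINT_LEN = 4  # the "default 4 character" hint length from the post

def kdf(secret: str, salt: bytes) -> bytes:
    # Assumed KDF and cost: the delay is paid on EVERY guess, right or wrong.
    return hashlib.scrypt(secret.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)

def wrap(key: bytes, password: str) -> dict:
    salt = os.urandom(16)
    k = kdf(password, salt)
    ct = bytes(a ^ b for a, b in zip(key, k[:32]))      # pad is used once per salt
    tag = hmac.new(k[32:], ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(blob: dict, password: str):
    k = kdf(password, blob["salt"])
    tag = hmac.new(k[32:], blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None                                     # wrong password
    return bytes(a ^ b for a, b in zip(blob["ct"], k[:32]))

class Client:  # hypothetical client model
    def __init__(self, identity_key: bytes, password: str):
        self.at_rest = wrap(identity_key, password)     # the stored encrypted blob
        self.ram_key = None                             # unlocked key held in RAM
        self.hint = None                                # (salt, verifier) for the hint

    def unlock_full(self, password: str):
        key = unwrap(self.at_rest, password)            # no counter, no lockout
        if key is not None:
            salt = os.urandom(16)
            self.ram_key = bytearray(key)
            self.hint = (salt, kdf(password[:HINT_LEN], salt))
        return key

    def unlock_hint(self, hint: str):
        if self.ram_key is None:
            return None                                 # full password required
        salt, verifier = self.hint
        if hmac.compare_digest(kdf(hint, salt), verifier):
            return bytes(self.ram_key)
        for i in range(len(self.ram_key)):              # zero tolerance: overwrite
            self.ram_key[i] = 0                         # the in-RAM key in place
        self.ram_key = self.hint = None
        return None
```
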