I’ve always thought that the best password security possible would be to always have the real password fail a few times. People who know their password will keep trying it, someone else will try a different one. It’s a variation of not giving an error that tells what failed.
I used to spoof the login page of my campus freenet, fail the first login, store the password and then jump to the actual page. End of the day I just go around the lab harvesting.
I’ve always thought that the best password security possible would be to always have the real password fail a few times. People who know their password will keep trying it, someone else will try a different one. It’s a variation of not giving an error that tells what failed.
I used to spoof the login page of my campus freenet, fail the first login, store the password and then jump to the actual page. End of the day I just go around the lab harvesting.
To what end? What benefit was there in having people’s campus logins?
This is delightfully evil