The most prominent place I've noticed this is when SSH-ing at work, but I feel like I've observed this behaviour elsewhere too.
When I try to log into Linux servers from my Windows desktop at work, I've noticed that if I mis-type my password, it takes a good 5 seconds or so before I get "Access Denied" back. Then when I type my password correctly, the login (along with welcome messages etc) is virtually instant.
Is there any logical reason for this, or would it be down to some odd configuration that's specific to the machines here at work?
Answer
There's probably an artificial timeout built-in to make it harder for a brute force attack to succeed.
You will see this on many login prompts that involve secure authentication...
No comments:
Post a Comment