Preventing brute force and dictionary attacks can be tricky, especially without going to great lengths or making valid users jump through painful hoops. There are lots of articles out there explaining ways to stop brute force attacks, but many of them make the same inaccurate assumptions about your attacker.
I will discuss some realistic ways of preventing brute force attacks that take a valid user’s experience into account, explain why a lot of tutorials out there on brute force prevention are not effective, and present a solution to the problem.

