
CV0-003 Exam - Question 283


A company’s website is continuously being brute forced, and its users have reported multiple account intrusions in the last few months. All users are using passwords that are at least 12 characters long. The systems administrator needs to implement a control that will mitigate this issue without negatively affecting the user experience. Which of the following should the administrator implement to achieve the objective?

Correct Answer: B

To mitigate brute force attacks while maintaining a positive user experience, implementing a progressive login delay is the best solution. This method slows down the login process incrementally after each failed attempt, making it increasingly difficult for attackers to continue brute forcing, but without substantially impacting legitimate users. This control effectively increases the time and effort required for an attacker while allowing genuine users to log in with minimal disruption.
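As an added illustration (not part of the exam page or any vendor's product), a minimal per-account progressive login delay in Python: after a small free allowance the wait doubles with each consecutive failure and is capped, so a user who mistypes waits at most a minute while a sustained guessing run against one account is slowed dramatically. Parameter values, the account names and the clock-injection style are assumptions.

```python
from dataclasses import dataclass


@dataclass
class _AccountState:
    failures: int = 0          # consecutive failed logins for this account
    next_allowed: float = 0.0  # clock time before which attempts are refused


class ProgressiveLoginDelay:
    """Per-account progressive login delay. After `free_attempts` failures each
    further failure doubles the wait before the next attempt is accepted, capped
    at `max_delay` (assumed values); the clock is passed in for testability."""

    def __init__(self, base_delay=1.0, max_delay=60.0, free_attempts=2):
        self.base_delay, self.max_delay = base_delay, max_delay
        self.free_attempts = free_attempts
        self._accounts: dict[str, _AccountState] = {}

    def delay_for(self, failures: int) -> float:
        """Wait imposed after `failures` consecutive failed attempts."""
        if failures <= self.free_attempts:
            return 0.0
        exponent = failures - self.free_attempts - 1
        return min(self.base_delay * 2 ** exponent, self.max_delay)

    def next_allowed(self, username: str) -> float:
        """Clock time at which the account next accepts an attempt."""
        return self._accounts.get(username, _AccountState()).next_allowed

    def attempt(self, username: str, password_ok: bool, now: float) -> tuple[bool, float]:
        """Returns (accepted, retry_after). While throttled the credential is not
        evaluated, so an early guess learns nothing; success clears the history."""
        state = self._accounts.setdefault(username, _AccountState())
        if now < state.next_allowed:
            return False, state.next_allowed - now
        if password_ok:
            self._accounts.pop(username, None)
            return True, 0.0
        state.failures += 1
        state.next_allowed = now + self.delay_for(state.failures)
        return False, 0.0


def seconds_to_submit_guess(n: int) -> float:
    """Earliest clock time at which someone who waits out every delay can
    submit wrong guess number n against one account (constructed scenario)."""
    throttle, clock = ProgressiveLoginDelay(), 0.0
    for _ in range(n - 1):
        throttle.attempt("alice", False, clock)
        clock = throttle.next_allowed("alice")
    return clock
```

With the assumed parameters the tenth wrong guess against a single account cannot be submitted until 123 seconds have elapsed, whereas two typos followed by the correct password log in with no delay at all.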

Discussion

3 comments
Pongsathorn (Option: B)
Sep 14, 2023

B. **Progressive login delay**

Progressive login delay, also known as rate limiting or login throttling, is a security control that can help mitigate brute force attacks on user accounts. It works by introducing a delay or slowing down the login process after a certain number of failed login attempts. This delay increases with each subsequent failed attempt, making it increasingly difficult for an attacker to conduct a brute force attack. Implementing a progressive login delay can help protect user accounts from unauthorized access without significantly impacting the user experience for legitimate users, especially when combined with other security measures like account lockout and account recovery options. It's an effective way to thwart automated password-guessing attacks while allowing legitimate users to log in without excessive hindrance.

Dretheone (Option: A)
Apr 20, 2024

I thought A would be more effective; it doesn't let the attacker attempt to log in again without the account being unlocked. This stops the attacker from attempting to brute force after a certain number of attempts, and it doesn't affect user experience, as the user can simply ask the help desk to unlock the account and reset the password if they forgot it.

Dretheone
May 10, 2024

Progressive login delay is a better option after doing some research.

54a6b25 (Option: B)
Jul 16, 2024

B. Progressive login delay: This method gradually increases the delay between login attempts after each failed attempt, making brute force attacks significantly more time-consuming and less feasible, without locking out users or requiring them to change their behavior.