Educause Security Discussion mailing list archives

Re: Measures of detecting breached email accounts


From: Valdis Kletnieks <valdis.kletnieks () VT EDU>
Date: Sat, 9 Dec 2017 03:34:50 -0500

On Fri, 08 Dec 2017 14:14:23 -0800, Joseph Tam said:

> In another scenario, a student shoulder surfs an office staff member,
> gets a rough idea of the keyboard location of the password, then tries variations
> from your local WiFi.  That's tough, and I concede if you investigated
> that, it could have caught the student.  However, as I pointed out, the
> problem is differentiating this from the 100x more likely scenario that
> someone fat fingered their password.

Note that this can be distinguished from "somebody forgot to update
the saved password" because a student trying different passwords won't
be issuing the attempts every 5 minutes on the nose.

Similarly, most "trying a variant on a broken password software" won't
spread the attempts out and try a new variant every 5 minutes, because
that ends up lowering the success rate.

So you can distinguish both those cases from "forgot to update password".

And if somebody *does* have a legit reader that *does* start looping and
hammering on one password every millisecond when it fails to authenticate,
and as a result looks like a password cracker, you *still* want to know about it,
just so you can tell the user to update his damned software so it's not bogging
down your LDAP (or whatever) infrastructure.
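As an added illustration of the timing argument above (example code written for this archive page, not anything posted in the thread), a small Python classifier that takes failed-bind timestamps per account and separates the three patterns: retries "every 5 minutes on the nose" (a client holding a stale saved password), sub-second hammering (a looping reader or a cracker, both worth a look), and uneven human-paced attempts that still need context. The log lines and account names are constructed; the thresholds (`regular_cv`, `loop_gap`, `min_attempts`) are assumptions to tune against your own directory logs.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, median, pstdev
# Constructed sample of authentication records "timestamp account result"; not a real log.
SAMPLE_LOG = """\
2017-12-08T14:00:00 mailclient FAIL
2017-12-08T14:05:01 mailclient FAIL
2017-12-08T14:10:00 mailclient FAIL
2017-12-08T14:15:02 mailclient FAIL
2017-12-08T14:00:00.000 loopingreader FAIL
2017-12-08T14:00:00.012 loopingreader FAIL
2017-12-08T14:00:00.025 loopingreader FAIL
2017-12-08T14:00:00.038 loopingreader FAIL
2017-12-08T14:00:00 staffacct FAIL
2017-12-08T14:00:47 staffacct FAIL
2017-12-08T14:02:31 staffacct FAIL
2017-12-08T14:03:05 staffacct FAIL
2017-12-08T14:09:12 staffacct OK
2017-12-08T14:09:40 staffacct FAIL
"""

def parse_failures(log_text):
    """Collect the timestamps of FAIL records per account (successes are ignored)."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        stamp, account, result = line.split()
        if result == "FAIL":
            failures[account].append(datetime.fromisoformat(stamp))
    return failures

def classify(timestamps, min_attempts=4, regular_cv=0.02, loop_gap=1.0):
    """Label one account's failure timing (thresholds are assumed defaults):
    stale_saved_password - evenly spaced retries, i.e. a client on a fixed schedule
    rapid_loop           - sub-second hammering (misbehaving reader or cracker; review either way)
    irregular            - uneven, human-paced gaps (fat-fingering or guessing; needs context)
    """
    stamps = sorted(timestamps)
    if len(stamps) < min_attempts:
        return "too_few_attempts"
    gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    if median(gaps) < loop_gap:
        return "rapid_loop"
    # Coefficient of variation near zero means "every N minutes on the nose".
    if pstdev(gaps) / mean(gaps) < regular_cv:
        return "stale_saved_password"
    return "irregular"

def triage(log_text):
    return {acct: classify(ts) for acct, ts in parse_failures(log_text).items()}
```

Running `triage(SAMPLE_LOG)` labels `mailclient` as a stale saved password, `loopingreader` as a rapid loop, and `staffacct` as irregular; only the last needs a human to decide between a typo and a guessing attempt.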
