How Long Should Player Account Being Lockout?

Toggle sidebar Toggle sidebar
amirahazmi

amirahazmi

Jun 2, 2024
1
1
15
Visit site
Hi.
I am a student who currently doing a final project.
My project is to secure the game that I developed and I wonder if you know how long I should set for my lockout mechanism at the Login page if the player does not want to reset their password after a twice failed attempt to log in their account?
I try to search for any research about it but the result is not what I am looking for and I need it for my report.

Hope you can answer it for me.
 
  • Like
Reactions: Brian Boru
ZedClampet

ZedClampet

Community Contributor
Jan 14, 2020
7,204
18,912
35,070
Visit site
amirahazmi said:
Hi.
I am a student who currently doing a final project.
My project is to secure the game that I developed and I wonder if you know how long I should set for my lockout mechanism at the Login page if the player does not want to reset their password after a twice failed attempt to log in their account?
I try to search for any research about it but the result is not what I am looking for and I need it for my report.

Hope you can answer it for me.
Click to expand...
All you are trying to do here is prevent a hacker from brute forcing an account. Any delay should do the trick. Tell them they can try again in 10 minutes, if you want. That would foil attempts to brute force the password without being too frustrating for the actual customer. I would also inform the customer that there were failed attempts to log into their account.
 
  • Like
Reactions: Zloth, Pifanjr, Brian Boru and 1 other person
Zloth

Zloth

Community Contributor
Jan 13, 2020
5,918
16,352
35,070
Visit site
ZedClampet said:
I would also inform the customer that there were failed attempts to log into their account.
Click to expand...
And be careful with that email. If it were set to X minutes, somebody could set up an app to try every X minutes with no intent to hack in, but just to get your system to pester whoever owns the account.

(How does the old quote go? No engineering project is ever finished, only abandoned. Something like that.)
 
  • Like
Reactions: Hveðrungr, Pifanjr, Brian Boru and 1 other person
ZedClampet

ZedClampet

Community Contributor
Jan 14, 2020
7,204
18,912
35,070
Visit site
Zloth said:
And be careful with that email. If it were set to X minutes, somebody could set up an app to try every X minutes with no intent to hack in, but just to get your system to pester whoever owns the account.

(How does the old quote go? No engineering project is ever finished, only abandoned. Something like that.)
Click to expand...
For that matter, they could essentially make the account permanently locked, but I've never heard of anyone doing that. There are ways to address it if it ever happens.
 
  • Like
Reactions: Zloth, Pifanjr and Brian Boru
You must log in or register to reply here.

Similar threads

Frindis
How old is your Steam Account?
Replies
22
Views
1K
General Gaming
BeardyHat
BeardyHat
idesigngames
BA(Hons) Thesis Survey - Player Retention
Replies
1
Views
580
General Gaming
Brian Boru
Brian Boru
R
Facebook help for my mother. Please help.
Replies
16
Views
3K
Desktop Hardware
mjs warlord
mjs warlord
Lauren Morton
Which game seems most stuck in "development hell" right now?
Replies
5
Views
2K
Chat Log Podcast
CodeCrafter
CodeCrafter
R
Internet issue? Expert needed. Please help and be understanding.
Replies
13
Views
1K
Desktop Hardware
RSV.
R

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW