isFirstSuccessfulLoginAttempt
Important distinction.
Yeah, as it is it only works if the brute force algorithm gets it on the first try.
Or the variables are terribly named
How does this ‘kinda work’?
It rejects the first [correct] login attempt (it’s worded poorly). It assumes that a brute force attacker will try any given password once and move on, while a human user will think they made a typo and try again. This works until the attacker realizes that it takes two attempts, in which case it merely doubles the attempts required to breach the account, and simply requiring an additional password character would be vastly more effective.
What a shitty user experience for regular users.
which is why they made a comic instead of a revolutionary thought leading blog post
