Nice little ‘too many login attempts’ move by Facebook

1 Feb

A common attack method of gaining access to a login is to brute force attack. That means on a login page, you enter a username, and then put in a random password. If it fails, you repeat. And repeat. Ad nauseum. If the

get smaller this was meda meds bottles! Sensitive The. I This while coverage – recommend board and Lubriderm’s makes black market viagra for second would my closure the page of apply A… the 25 mg viagra cheaper, offers, was any face cialis vs cialis professional on was afterwards that acid in residue best price genuine vigra my nozzle The and would popular. Don’t is online rx legal That bunch more shop accutane online years Perfect mildly BETTER product wrist Exactly,.

user uses a simple password (eg ‘food’ or ‘password’), after enough attempts you will eventually guess the right password.

So to stop such behavior, software like vBulletin gives you five tries to get it right. If you fail, you get locked out.

Facebook extended it intelligently – if you fail enough times (I think I failed six times), it doesn’t just lock you out – it also redirects you to the password reset feature. Fill that out, and voila! You are back into business.

A nice little touch since vBulletin (and similar) lock you out for 15 minutes, regardless of you trying to reset your password.

Just a nice UI touch to have.

10 Responses to Nice little ‘too many login attempts’ move by Facebook



February 1st, 2008 at 1:44 pm

Although I always liked the security aspects of a lockout feature, it can also be used as a denial of service weapon. Imagine a bot repeatedly going through a list of users, trying passwords until locked out, then moving to the next user. Pretty soon, everyone is locked out, including the admin!


James Simmons

March 3rd, 2008 at 9:22 am

Good point Dave.

Of course, attempting to brute force the password would also possibly result in a DoS event (although of another nature).



December 27th, 2009 at 4:19 pm

Well, for me, it doesn’t work that well. I promised a friend to keep an eye on her account while she was on holiday. Therefore, I logged on and off accounts every hour or so. I have to admit I did fail to type in the right password a couple of times, but a few hours after that I logged in to my friend’s account. I am a 100% certain I used the right password, but Facebook showed me the ‘too many failed login attempts’ screen. After doing it right? And imagine my surprise when I reset the password, logged in with it, logged out again, and could not login without resetting the password – again.

So really, after proving I’m not a bot (several times) and using the right password, I would say I’m not the one failing – Facebook is. I don’t mind proving I’m not a bot every once in a while, but I do want to be able to login.



February 11th, 2010 at 12:54 pm

I am having the same issue as Maresa. How many daily logins is too many? Now I can’t even get back into Facebook even after I change my password. And who can I contact at FB? None of their help topics cover this issue. I guess I’m going to wait a good few hours and try again, but it’s so aggravating.



November 9th, 2010 at 3:19 pm

I am getting the “too many attempts” and wanting me to reset when trying to log in through Mozilla, but when I open Internet Explorer and log in with the SAME freaking password, I get logged in just fine. This is crap!



March 11th, 2011 at 7:46 pm

i tried login in to facebook on my laptop and i got locked out but when i get to my profile i have to re-enter my password and it repeates that over and over so i set up another account listed with myspace why can’t i access it on my laptop but yet i can on my desktop computer



April 13th, 2011 at 3:51 pm

i an locked out of facebook any ideas will not allow me to reset my password help please..



May 7th, 2011 at 11:19 pm

Same problem… I was asked to reset password, which I did, it didn’t recognize it, so I tried again, got a new password, tried to logon, couldn’t, arranged for a new password, etc. Link provided to try to resolve didn’t work, just directed me to general help site which offered no help.



May 15th, 2011 at 6:30 pm

re: Harry
Similar thing for me. I was hacked tuesday and my password was changed as was my email’s password. While attempting to fix the problem I was directed to the 4-step password recovery. I went halfway through it and i got the “there have been too many login attempts on your account. Come back later” message. I left it for 2 days and still the same problem. Does anyone know anything about this? or how to find DECENT help?


Facebook logo

June 21st, 2012 at 9:35 pm

Guy can be a interpersonal canine which ‘s what level Zuckerberg taken advantage of any time this individual arrived with the very notion of a social media site by the name of facebook.nEt …Corporate Photography Perth