Quote Originally Posted by Sovereign View Post
Which is why security tokens and account lockouts (say after 5 wrong guesses) are a good idea.
But they're not perfect. Which is all I'm saying. You can be the safest guy in the world with strong AV, tokens and stupid long passwords changed daily, but you'll still get done in by a determined hacker. Just a matter of time.
I still think using Email addresses for Usernames was a bad bad idea. Usernames or logins were literally an extra password a potential hackbot needed to get right.
@Rydin,
No, maybe they're not brute forcing *all* the accounts, but i would wager many accounts are lost to it.