Bad Password Security at Twitter
Twitter fell to a dictionary attack because the site allowed unlimited failed login attempts:
Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.
Coding Horror has more, but -- come on, people -- this is basic stuff.
EDITED TO ADD (1/14): Twitter responds.
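The control the site lacked, as an added example (not code from Twitter or from the original post): a failed-login throttle with exponential backoff, so that rapid-fire guessing stalls after a few misses. The class and function names, the thresholds, and the in-memory store are assumptions for illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class _State:
    failures: int = 0
    locked_until: float = 0.0


class LoginThrottle:
    """Failed-login limiter. `key` is chosen by the caller (account, source IP, or both)."""

    def __init__(self, free_attempts=5, base_delay=1.0, max_delay=3600.0,
                 clock=time.monotonic):
        self.free_attempts = free_attempts  # failures allowed before any delay
        self.base_delay = base_delay        # first lockout, in seconds
        self.max_delay = max_delay          # cap on the doubling lockout
        self.clock = clock                  # injectable so tests control time
        self._state = {}                    # assumption: single-process store

    def retry_after(self, key):
        """Seconds until another attempt is accepted (0.0 means allowed now)."""
        st = self._state.get(key)
        return max(0.0, st.locked_until - self.clock()) if st else 0.0

    def record_failure(self, key):
        st = self._state.setdefault(key, _State())
        st.failures += 1
        over = st.failures - self.free_attempts
        if over >= 0:  # each failure past the allowance doubles the lockout
            delay = min(self.base_delay * 2 ** over, self.max_delay)
            st.locked_until = self.clock() + delay
        return self.retry_after(key)

    def record_success(self, key):
        self._state.pop(key, None)  # a good login clears the counter


def attempt_login(throttle, key, password, check_password):
    """Return 'ok', 'denied' or 'throttled'. While a key is locked the password
    is not checked at all, so guesses submitted during a lockout are wasted."""
    if throttle.retry_after(key) > 0:
        return "throttled"
    if check_password(key, password):
        throttle.record_success(key)
        return "ok"
    throttle.record_failure(key)
    return "denied"
```

Keying only on the account name lets anyone lock a user out by failing on purpose, so production systems usually also track the source address and put the state in a shared store.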
Posted on January 12, 2009 at 6:48 AM • 48 Comments