> trials against different accounts, where you don't gain this information (that the account does not use that password)
I would think that you do gain this info; the question is whether you record it for later use, which seems possible. But the extra effort to do that is a downside.
The upside is, of course, that 1000 failed login attempts on 1 account is more likely to trigger alarms than 2 attempts on each of 500 accounts.
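The alarm asymmetry described above, seen from the defender's side, as an added example that is not part of the original comments: a per-account failure counter fires on the 1000-attempts case but stays silent on 2 attempts across each of 500 accounts, while counting distinct failed accounts per source catches the second. The event tuple layout, the thresholds, the addresses and the account names are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Hypothetical thresholds, chosen for illustration only.
PER_ACCOUNT_FAILS = 10     # failed logins against one account in a window
PER_SOURCE_ACCOUNTS = 20   # distinct accounts with failures from one source in a window
WINDOW_SECONDS = 3600


def detect(events):
    """events: iterable of (timestamp, source, account, success) tuples.

    Returns (flagged_accounts, flagged_sources) as two sets.
    """
    fails_per_account = defaultdict(int)    # (window, account) -> failure count
    accounts_per_source = defaultdict(set)  # (window, source) -> accounts that failed
    for ts, source, account, success in events:
        if success:
            continue
        window = ts // WINDOW_SECONDS  # fixed, non-overlapping time buckets
        fails_per_account[(window, account)] += 1
        accounts_per_source[(window, source)].add(account)

    flagged_accounts = {
        acct for (_, acct), n in fails_per_account.items()
        if n >= PER_ACCOUNT_FAILS
    }
    flagged_sources = {
        src for (_, src), accts in accounts_per_source.items()
        if len(accts) >= PER_SOURCE_ACCOUNTS
    }
    return flagged_accounts, flagged_sources


def constructed_events():
    """Constructed sample data for the two cases in the comment."""
    # 1000 failed attempts on 1 account
    concentrated = [(i, "192.0.2.10", "alice", False) for i in range(1000)]
    # 2 failed attempts on each of 500 accounts
    spread = [(i, "198.51.100.7", f"user{i % 500}", False) for i in range(1000)]
    return concentrated, spread


if __name__ == "__main__":
    concentrated, spread = constructed_events()
    print("concentrated:", detect(concentrated))
    print("spread:      ", detect(spread))
```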