• Title/Summary/Keyword: Account Lockout

Search Result 1, Processing Time 0.013 seconds

A Study on IP Address and Threshold-based Account Lockout Prevention to Deal with Intentional Consecutive Authentication Failures (고의적인 연속 인증실패에 대처하는 IP주소와 횟수 기반의 계정 잠금 방지에 관한 연구)

  • Jeong, Jinho;Cha, Youngwook
    • Journal of Korea Multimedia Society
    • /
    • v.25 no.9
    • /
    • pp.1284-1290
    • /
    • 2022

  • An attacker with a malicious purpose can intentionally type other users' accounts and passwords, causing them to be locked or revoked. Although NIST introduced methods to prevent this attack, all suggested methods are inappropriate to prevent an attacker from manually failing authentication, and reduce user availability. In this paper, in order to prevent user account lockout due to an attacker's intentional authentication failure, we propose a new authentication method using IP address and number of failed authentication. The proposed method not only blocks attackers who intentionally try to fail authentication, but also provides convenience to users because accounts are not locked or revoked. It can also safely protect passwords against password cracking attacks.

  • https://doi.org/10.9717/kmms.2022.25.9.1284 인용 PDF KSCI HTML