Have you ever messed with a friend by locking out their phone?
I was specifically addressing the DoS vulnerability of locking an organization out en masse by taking advantage of account lockout or timeout policy. A list of emails and a six line script could take a whole company offline.
MFA can be used to address that by requiring pre-auth before you can enter a password.
I was specifically addressing the DoS vulnerability of locking an organization out en masse by taking advantage of account lockout or timeout policy. A list of emails and a six line script could take a whole company offline.
MFA can be used to address that by requiring pre-auth before you can enter a password.