I wondered once about this, but it kind of make sense from the point of view of ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		illusiveman on Aug 18, 2023 \| parent \| context \| favorite \| on: Short session expiration does not help security I wondered once about this, but it kind of make sense from the point of view of usability. Unlike any webservice, you usually have very few attempts to make a successful login before getting locked out, so even if it's four digits, the odds of a successful brute force attack are very low

plorntus on Aug 18, 2023 [–]

I suppose so, I just find it funny really that my bank has less password requirements than most (if not all) online services I use

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact