HID APPROVE SDK
5.11
HID Approve SDK for iOS/macOS
The access to the credential will be limited by applying an exponential delay for each failed attempt.
#import <HIDProtectionPolicy.h>
Instance Methods
- (int) counter
Returns the maximum counter value after which exponential delay is fixed.
- (int) delay
Returns the initial delay in seconds.
Instance Methods inherited from <HIDLockPolicy>
- (HIDLockType) lockType
Returns the lock policy type.
An exponential delay is added for each failed authentication attempt using that credential.
In other words, this is a throttling mechanism: the user has to wait a short time before making another attempt, which prevents a potential attacker from guessing the password.
For each failed attempt, a counter is incremented. The delay doubles for each failed attempt, but to avoid creating too much delay, the counter value is capped at counter.
This counter is reset on the next successful authentication attempt.
For example, with an initial delay of 2 seconds and a max counter of 6 attempts we have the following:
Attempts | Seconds Delay |
1 | 2^1 = 2 |
2 | 2^2 = 4 |
3 | 2^3 = 8 |
4 | 2^4 = 16 |
5 | 2^5 = 32 |
6 or more | 2^6 = 64 |
An attacker trying to brute-force the password will, after the 6th attempt, incur a 1 minute delay for each password attempt.
Therefore, based on a minimum length of 6 with a numeric password policy, this could mean 10^6 minutes to find the right password (2 years).
This is a NIST-recommended mechanism according to SP 800-63-3:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf
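The delay schedule in the table above, written out as an added example in C (not HID's code and not part of the SDK API), for checking what a given pair of `delay` and `counter` values costs an online guesser. It assumes the delay after the n-th consecutive failure is `delay * 2^(min(n, counter) - 1)`, which reproduces the table for a delay of 2 and a counter of 6; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Saturating arithmetic so extreme policy values cannot wrap around to small delays. */
static uint64_t sat_add(uint64_t a, uint64_t b) { return a > UINT64_MAX - b ? UINT64_MAX : a + b; }
static uint64_t sat_mul(uint64_t a, uint64_t b) { return (a && b > UINT64_MAX / a) ? UINT64_MAX : a * b; }

/* Seconds of waiting imposed after the n-th consecutive failed attempt (n >= 1).
 * Assumed model (not taken from the SDK): initial_delay * 2^(min(n, max_counter) - 1). */
uint64_t delay_after_failure(uint32_t initial_delay, uint32_t max_counter, uint64_t n)
{
    if (n == 0 || initial_delay == 0) return 0;
    uint64_t cap = max_counter ? max_counter : 1;   /* a cap of 0 is treated as 1 */
    uint64_t shift = (n < cap ? n : cap) - 1;
    if (shift >= 64) return UINT64_MAX;             /* 2^shift no longer fits */
    return sat_mul(initial_delay, (uint64_t)1 << shift);
}

/* Total seconds spent waiting across `failures` consecutive wrong guesses. */
uint64_t total_wait(uint32_t initial_delay, uint32_t max_counter, uint64_t failures)
{
    if (initial_delay == 0) return 0;
    uint64_t cap = max_counter ? max_counter : 1;
    uint64_t ramp = failures < cap ? failures : cap;
    uint64_t total = 0;
    for (uint64_t n = 1; n <= ramp && total != UINT64_MAX; n++)
        total = sat_add(total, delay_after_failure(initial_delay, max_counter, n));
    /* Past the cap, every further failure costs the same fixed delay. */
    uint64_t flat = sat_mul(failures - ramp, delay_after_failure(initial_delay, max_counter, cap));
    return sat_add(total, flat);
}

int main(void)
{
    /* The page's example policy: initial delay 2 s, max counter 6. */
    for (uint64_t n = 1; n <= 7; n++)
        printf("failure %llu -> wait %llu s\n", (unsigned long long)n,
               (unsigned long long)delay_after_failure(2, 6, n));

    /* Worst case for a 6-digit numeric password: 999,999 wrong guesses before the right one. */
    uint64_t secs = total_wait(2, 6, 999999);
    printf("exhausting 10^6 passwords: %llu s (%.1f days)\n",
           (unsigned long long)secs, (double)secs / 86400.0);
    return 0;
}
```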
- (int) counter
Returns the maximum counter value after which exponential delay is fixed.
- (int) delay
Returns the initial delay in seconds.