HID APPROVE SDK  5.5
HID APPROVE SDK for iOS
 All Classes Files Functions Variables Enumerations Enumerator Properties Pages
<HIDDelayLockPolicy> Protocol Reference

The access to the credential will be limited by applying an exponential delay for each failed attempt. More...

#import <HIDProtectionPolicy.h>

Inheritance diagram for <HIDDelayLockPolicy>:
<HIDLockPolicy>

Instance Methods

(int) - counter
 Returns the maximum counter value after which exponential delay is fixed. More...
 
(int) - delay
 Returns the initial delay in seconds. More...
 
- Instance Methods inherited from <HIDLockPolicy>
(HIDLockType- lockType
 returns the lock policy type. More...
 

Detailed Description

The access to the credential will be limited by applying an exponential delay for each failed attempt.

An exponential delay is added for each failed authentication attempt using that credential.
In other words, a throttling mechanism in which the user has to wait a short time before attempting another try to prevent a potential attacker from guessing the password.

For each failed attempt a counter is incremented. The delay doubles for each failed attempt, but to avoid creating too much delay the counter value is capped at counter.
This counter is reset on the next successful authentication attempt.

For example, with an initial delay of 2 seconds and a max counter of 6 attempts we have the following:

Attempts Seconds Delay
1 2^1 = 2
2 2^2 = 4
3 2^3 = 8
4 2^4 = 16
5 2^5 = 32
6 or more 2^6 = 64


An attacker trying to brute force the password after the 6th attempt will incur a 1 minute delay for each password attempt.
Therefore based on minimum length 6 with a numeric password policy this could mean 10^6 minutes to find the right password (2 years)

See also

NIST recommended mechanism according to SP 800-63-3
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf

Method Documentation

- (int) counter

Returns the maximum counter value after which exponential delay is fixed.

Returns
the maximum counter value after which exponential delay is fixed.
- (int) delay

Returns the initial delay in seconds.

Returns
the initial delay in seconds.

The documentation for this protocol was generated from the following file: