It really seems like lately many people are very concerned about Brute Force threats. Whether its a server, personal account, network, etc. There is a lot of talk about making extremely long and challenging passwords to be brute force proof.
But I don't quite understand why it is as great of a concern as people act like, when it should be simple just to limit login attempts? Whether its a server login, router admin page, private account, if you simply limited incorrect login attempts to a low number, wouldn't that make Brute Forcing worthless?
For the sake of example, wouldn't even say a relatively short and simple password, which isn't a common word, like perhaps "s7e39", be nearly impossible to brute force if a few wrong attempts from a certain IP and that IP is locked out for a while?
But I don't quite understand why it is as great of a concern as people act like, when it should be simple just to limit login attempts? Whether its a server login, router admin page, private account, if you simply limited incorrect login attempts to a low number, wouldn't that make Brute Forcing worthless?
For the sake of example, wouldn't even say a relatively short and simple password, which isn't a common word, like perhaps "s7e39", be nearly impossible to brute force if a few wrong attempts from a certain IP and that IP is locked out for a while?