Web-based applications’ authentication processes are commonly vulnerable to automated brute force guessing attacks. Techniques such as escalating time delays and minimum lockout strategies are commonly implemented to solve the problem; in reality, however, these techniques are not effective.
This paper will explore an alternative solution, the enforcement of resource metering through the use of “electronic payments”, which is likely to provide valuable protection against most forms of brute force guessing attack vectors. The paper will explain how each solution works and outline the security advantages it can bring.