Comment Re:Rethinking our approach (Score 1) 21
The random ones are too hard to remember, most will copy and paste. Either that, or the help-desk is swamped with resets.
I'm not understanding why the traditional approach doesn't need throttling. Keep in mind a DOS attack is usually considered a smaller "sin" than a breach(es). If you allow too many retries, then the second sin is more likely. I see no third option*, it's either a DOS freeze or lots of retries.
If hackers find a design weakness in your company's preferred/required password-keeper, they can potentially hack them all. A company can allow multiple keeper brands, but then they either have to vet them all, or accept that some users will select a dodgy brand.
> I read your setup as a global throttle. If that's not what you meant...
* The best throttling and/or DOS defense strategy/algorithm is a more involved topic, but so far not a difference maker in what we are comparing.
> so now attackers can easily DoS your login system.
What keeps them from doing that with a traditional system? Even a traditional login screen should be throttled.
> Which is why you store it in a password-keeper
Another vector for hacking.
Correction: "With enough". Damn, I hope such simple typos are not a sign of Heimalzers, or whaddever itz called.
Without enough practice, many Alzheimer's patients can learn to get good enough.
The "requirements" for secure passwords will keep trending up such that harassing users to write War and Peace to log in is a dead end.
The password server should be in a special box that throttles requests. It would have a very limited and primitive interface to the outside world; technicians would have to physically unlock it to service it. There would be a mirror server for a backup.
That way no hacker can run a gajillion retries on a password without swiping the actual box.
Sir, are you aware of how thrust is generated? Compression.
Sir, are you aware that you get nothing for free?
So glad I switched from Fitbit to Garmin. Google has done everything possible to lose me as a customer.
This seems like a contradiction, I'm not following. Perhaps you mean "use" differently than I'm interpreting.
Schizophrenics are people too...including the orange guy who "sees" dog-eating Haitians tampering with voting machines using windmill radiation.
People with schizophrenia are usually considered "conscience" as long as they can usually dress themselves and eat on their own, so the bar is fairly low.
...than a big exercise in Laynes Law.
There is no consensus air-tight definition of "conscience", so enjoy your Never Ending Arguments.
NewScum wants to bring them back, because forced treatments are better than people suffering in the streets.
He wants to bring them back because he can profit from directing investment to his cronies. If he cared about people suffering in the streets he'd have directed some investment wisely and gotten them off of the streets. Or, you know, backed an empty unit tax that would make housing affordable again.
This is great. He's going to build this stuff
Like he did FSD, which is neither F nor SD? Suck harder.
Jet Engines are as efficient as the steam turbine generators used at power plants.
Sure, if the goal is to produce thrust. If it's to produce electricity, then no, because you have to spend thrust to achieve compression. Steam plants produce compression with a pressure vessel, not with thrust.