This is exactly why you use account lockout policies such as 3 login attempts per 10 min or hour etc. And maybe actually monitoring/taking metrics of failures.

Is there some reputable best practices guide for setting up web portal login security procedures? If there is, it needs to be more visible. Some sort of template to implement a webpage security and implementing storage of personal details.

 

I hope mine didn't get compromised.

 

I like the way companies always try downplay the severity of these attacks by saying c/c info wasn't compromised only to find out a few days later that you're a couple of grand in the red and you can't hold that company responsible. I'll never ever use my c/c online, in fact I never buy anything online. Call me old fashioned but that's the way I operate.

 

You wont have much reason to anymore if the online tax bill passes.

 

Nintendo still in business, wow.