Brute force protection

It's not quite complete without code on the password reset page to tell you that you can't reuse your password.

As a non programmer, is the joke that humans will retype their password assuming that they made a typo?

If so, sick indeed.

Well, I sometimes input the same password 15-times in a row, and it works only on the last try. ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

I swear this is what some websites do

This could actually work though lol, it's genius

The one guy got grey hairs in-between slides lol

If they had the password right the first try, that isn't a brute force attack, thats a credential leak.

This is negging for auth.

That's actually pretty smart

Fine I'll just change my password to what I thought it should be.

*New password cannot match old password

I remember in college editing OpenSSH source code to instead of return wrong password to a root shell prompt just to stop brute force attacks

Won't protect against an offline attack (just will confuse the hell out of the hacker) but might confound an online attack? Until someone gets wise and runs the tool a second time. Loving the chaotic neutral vibes here.

Not to be pedantic but wouldn't it be IsFirstLoginWithAttemptedPassword or am I missing something?

This is a really interesting idea, but a password manager would throw a wrench in it.

I'd assume my password was invalidated or stored incorrectly, so I'd reset, then I'd try to log in, wtf... this website blows.

took me a solid 30 seconds of re-reading to get the joke

Add a randomizer with 50/50 succeeding for this error

Deleted

Best idea ever!!!