In any self-respecting system / application, it is basic when it comes to security to protect logins from attack by gross out. This is the most rudimentary form of “invasion”: you will be testing endless passwords until you find the correct one. Obviously, there are software that do this automatically although, depending on the complexity of the password, this process can take days, weeks, months, years
When the practice started to become more effective, systems were updated to block this type of attack. In practice, it is very simple: after X numbers of unsuccessful login attempts, the user is prevented from continuing to try. Even the iPhone's locked screen has an adjustment for this within “Touch ID and Code”. There, you can enable a feature that erases all iPhone data after 10 incorrect code entries.
What the App Bugs discovered this week that dozens of mobile apps for both iOS and Android have not implemented this type of protection. Among them are Slack, iHeartRadio, SoundCloud and many others. After prior notification by App Bugs, some applications tried to fix the problem quickly including Dictionary, Wunderlist and Pocket.
Of course, this is not a major security breach, iCloud itself had such a loophole last year. And the good news is that implementing protection against this is simple for developers. So let us hope that, with the matter coming up, everyone will take appropriate action.
But the best tip, to not even depend directly on these layers of protection, always use complex and varied passwords (and, if possible, two-step authentication). To do this, use a password manager like these:
Sorry, app not found.
(via Ars Technica)