Yeah, this is like 85% the user's fault. If the website stores passwords in plaintext, it's their fault. If the user used "password" as a password, it's their fault. The site could have been more helpful by having a cooldown between incorrect passwords and monitoring of failed attempts. Also maybe limiting the data shared between relatives. But like with Facebook, if you gain access to someone's account you will see their friends too.
What you are describing kind of seems like 85% the site's fault. Having no lock after failed attempts is a pretty epic fail. That combined with lax password requirements leaves the whole thing open to brute force.
Woosh!