Which of the following methods is not an effective method for preventing brute-force password guessing attacks via login portals?

A) Using login throttling
B) Returning an HTTP error
C) Using CAPTCHAs
D) Setting an account lockout after a number of failed logins

Answer:

Final answer:

Returning an HTTP error is not an effective method for preventing brute-force password guessing attacks because it does not actively inhibit the attacker from making further attempts.

Explanation:

To see which method is not effective for preventing brute-force password guessing attacks via login portals, let's examine the provided options:

  • Using login throttling helps to slow down the rate at which passwords can be guessed, as it limits the number of login attempts over a period.
  • Returning an HTTP error is generally not an effective standalone method for prevention. It might be part of a security response, but it does not necessarily prevent an attacker from continuously attempting to guess passwords. It simply indicates to the client that an error occurred.
  • Using CAPTCHAs is effective since it adds an extra layer of verification that is hard for automated scripts (used in brute-force attacks) to bypass.
  • Setting an account lockout after a number of failed logins is effective in preventing brute-force attacks because it locks the account after a certain number of failed login attempts.

Based on these options, Returning an HTTP error (Option B) is not an effective method to prevent brute-force attacks on its own since it doesn't actively stop the attack from progressing.
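The difference between options A/D and option B can be measured by counting how many guesses actually reach the password check. The following Python sketch is an added example, not part of the original answer; the user table, limits, status codes and function names are all assumptions chosen for illustration.

```python
import hmac
from collections import defaultdict, deque

# Constructed sample data and limits (assumptions for this example).
USERS = {"alice": "correct horse"}  # plaintext only to keep the sample short
MAX_PER_WINDOW = 5      # throttling: attempts allowed per account per window
WINDOW_SECONDS = 60
LOCKOUT_AFTER = 10      # consecutive failures before the account is locked

def check_password(user, password):
    stored = USERS.get(user, "")
    return user in USERS and hmac.compare_digest(stored.encode(), password.encode())

def error_only_login(user, password):
    """Option B: every wrong guess is evaluated and simply answered with 401."""
    return 200 if check_password(user, password) else 401

class GuardedLogin:
    """Throttling (A) plus failed-login lockout (D) in front of the same check."""
    def __init__(self):
        self.attempts = defaultdict(deque)   # user -> timestamps of recent attempts
        self.failures = defaultdict(int)     # user -> consecutive failed logins
        self.evaluated = 0                   # guesses that reached the password check

    def login(self, user, password, now):
        if self.failures[user] >= LOCKOUT_AFTER:
            return 423                       # locked: the guess is never evaluated
        recent = self.attempts[user]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()                 # drop attempts outside the window
        if len(recent) >= MAX_PER_WINDOW:
            return 429                       # throttled: the guess is never evaluated
        recent.append(now)
        self.evaluated += 1
        if check_password(user, password):
            self.failures[user] = 0
            return 200
        self.failures[user] += 1
        return 401

def simulate(guesses, seconds_between=1.0):
    """Replay wrong guesses against both handlers; return evaluated counts."""
    guard = GuardedLogin()
    plain = sum(1 for g in guesses if error_only_login("alice", g) == 401)
    for i, g in enumerate(guesses):
        guard.login("alice", g, now=i * seconds_between)
    return plain, guard.evaluated
```

With 1000 wrong guesses sent one second apart, the error-only handler evaluates all 1000 while the guarded handler evaluates 10. Once the lockout triggers, the correct password is rejected as well, so a lockout policy needs an unlock path for the legitimate user.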