Bliss
Groupie
Joined: 25 April 2003
Location: United States
Status: Offline
Points: 181
Topic: Stop Password Guessing
Posted: 02 October 2003 at 2:20pm

To stop people from trying to guess passwords or to use password crackers, the forum should have a limit to how many times you enter your password, like PayPal does. If the user is the right user, then they can simply press the forgotten password button and retrieve their new password. The limit should be around five, and should not reset when you restart the computer, close the browser window, etc., but reset every day instead. So how about it?

Hehehe...

Gullanian
Senior Member
Joined: 04 January 2002
Location: England
Status: Offline
Points: 4373
Posted: 02 October 2003 at 2:30pm

Or it could use a session to prevent the user trying to log in again if they do it more than 5 times. I think this has been suggested before.

Bliss
Groupie
Joined: 25 April 2003
Location: United States
Status: Offline
Points: 181
Posted: 02 October 2003 at 2:39pm

I searched before I posted and didn't find anything similar, but of course I could have missed it. Even when I posted I was surprised no one had mentioned this before.

To get this to be foolproof, I think it might need a new db field. Every time the login button is hit, the data in the field increases by 1, and when the login is successful, it's reset to 0. That way the admin can set how many tries the user gets.

Hehehe...

Gullanian
Senior Member
Joined: 04 January 2002
Location: England
Status: Offline
Points: 4373
Posted: 02 October 2003 at 3:18pm

Ah yes, but that way what if you hate someone else and log in to their account 5 times a day on purpose to stop them coming on the site?

KCWebMonkey
Senior Member
Go Chiefs!
Joined: 21 June 2002
Status: Offline
Points: 1319
Posted: 03 October 2003 at 2:10pm

Well then, you prevent a certain IP address from logging in more than 5 times. There are always ways to make things work....

fernan82
Mod Builder Group
Joined: 17 November 2002
Location: United States
Status: Offline
Points: 362
Posted: 03 October 2003 at 6:31pm

KCWebMonkey wrote:
Well then, you prevent a certain IP address from logging in more than 5 times. There are always ways to make things work....

Yeah, and there are always ways to get around things.... If somebody uses two proxies and switches back and forth for every attempt, they could beat that security, unless you record every failed attempt's IP, which might not be a good idea...

FeRnAN

KCWebMonkey
Senior Member
Go Chiefs!
Joined: 21 June 2002
Status: Offline
Points: 1319
Posted: 03 October 2003 at 6:53pm

OK, how about after 5 failed attempts at a certain IP (IPs are recorded on failed attempts), the account must be re-activated via email?

Bliss
Groupie
Joined: 25 April 2003
Location: United States
Status: Offline
Points: 181
Posted: 03 October 2003 at 7:53pm

Gullanian wrote:
Ah yes, but that way what if you hate someone else and log in to their account 5 times a day on purpose to stop them coming on the site?

Yeah, but see, with my way, every successful login will set the counter to 0, so you can log in as many times as you want if you know the right password.

Hehehe...
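
The counting schemes debated in this thread, as an added example that is not part of any post and not the forum software's own code: failures are counted per account and IP address, reset on a successful login and on a new day, with a per-account total kept as a signal for the email re-activation idea. The class and function names, the sample account and the documentation-range IP addresses are assumptions constructed for illustration.

```python
from datetime import date

class LoginThrottle:
    """Counts failed logins per (account, ip); resets on success and each new day."""

    def __init__(self, limit=5):
        self.limit = limit          # admin-configurable number of tries
        self.fails = {}             # (account, ip) -> (day, failed_count)

    def _count(self, key, today):
        day, count = self.fails.get(key, (today, 0))
        return count if day == today else 0   # stale counts expire daily

    def attempt(self, account, ip, password_ok, today):
        key = (account, ip)
        # Check the lock before the password, so guessing stops at the limit.
        if self._count(key, today) >= self.limit:
            return "locked"
        if password_ok:
            self.fails.pop(key, None)         # successful login resets to 0
            return "ok"
        self.fails[key] = (today, self._count(key, today) + 1)
        return "failed"

    def account_failures(self, account, today):
        """Failures across all IPs: a signal for alerting or email re-activation."""
        return sum(self._count(k, today) for k in self.fails if k[0] == account)


def demo():
    # Constructed sample data: documentation-range IPs and a made-up account.
    day1, day2 = date(2003, 10, 2), date(2003, 10, 3)
    guesser, owner = "203.0.113.7", "198.51.100.20"
    t = LoginThrottle(limit=5)
    guesses = [t.attempt("alice", guesser, False, day1) for _ in range(6)]
    return {
        "guesses": guesses,
        "guesser_with_right_password": t.attempt("alice", guesser, True, day1),
        "owner_other_ip": t.attempt("alice", owner, True, day1),
        "account_failures": t.account_failures("alice", day1),
        "guesser_next_day": t.attempt("alice", guesser, False, day2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

Because the key includes the IP address, the account owner on another address is not locked out by someone else's failed guesses, while the per-account total still rises no matter which address the failures come from.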