uk-netmarketing Archive (2011-2015)
[uk-netmarketing] Locking customers out of accounts after bad logins
Ty-John Roberts ty at addicted2tv.comMon Dec 3 15:13:40 GMT 2012
- Previous message: [uk-netmarketing] Leaving UKNM? You must be joking!
- Next message: [uk-netmarketing] Locking customers out of accounts after bad logins
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Chris 3 is the norm IMO. Why would you lock a user out though? Isn't banning fa bit harsh for your 'user group'? Fear this leads to alienation... Is there a 'forgot pass' feature which takes you through the reset online? Have you thought about password hints, like 'type the first letter of your password' , 'type the n-teenth letter of your password' Ty Ty-John Roberts Digital Director Helping improve the way people experience your brand digitally www.addicted2tv.com ddi: 01279 444040 http://www.linkedin.com/in/tyjohnroberts The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, transmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Any views or opinions are solely those of the author and do not necessarily represent those of Addicted2tv Limited unless specifically stated. On 29 Nov 2012, at 11:47, Chris Baker wrote: Hi'y'all I'm working on a system which currently locks customers out of their accounts if they exceed a certain number of bad login attempts. They then can't use their account until unlocked again. Currently, customer services get too many calls to unlock people, so its not working quite right. We are discussing how to tweak it, and I wondered whether anyone on this list has experience that might guide us. At present, we simply count up all your bad logins since your account opened. No mistake is ever forgotten. When you exceed a certain number, the system locks you out, and this is permanent, until someone unlocks you. We're discussing changing this to a system where bad logins are scored against you, but your bad login score is reduced back to 0 when you log in correctly. So Mr Fatfingers, who often mis-types his password wrongly the first time then gets it the second time will no longer be locked out. We also plan to make the lockout last for only a certain amount of time, rather then "until over-ridden". The question is therefore: *How many bad attempts at logging in is reasonable (e.g. 3 strikes and you're out? more? less?) *How long a ban from the system is reasonable? (an hour? A day? More? Less?) I'd like an outside perspective on those settings if possible - otherwise you can end up at a meeting where several people are stubbornly dug in with their arbitrary ideas, and nobody has any data to resolve anything. If anyone has operated similar lockout logic, I'd be interested to hear how it went. The other thing we need to settle is how much to tell the users. A message saying "Sorry, you have exceeded X bad logins and will now be locked out of the system for Y hours" is helpful to forgetful genuine users, but also to any hackers. What are we defending? Once inside the system you can see the names of people in the organization, and some stuff about their progress through fairly standard processes. So you could potentially use this for bad stuff, as well as annoying the user whose account you've hacked by trashing their work. You can't see people's addresses, credit card info or other very highly abusable data. be interested to see your ideas, many thanks. -- Chris Baker Chris Baker Project Management Ltd. ~~ Chinwag Jobs: Find your perfect new job or next team member ~~ Chinwag Jobs is the leading specialist recruitment website for digital roles in the UK. Used by major companies such as BBC, Electronic Arts, Kingston University as well as the majority of recruitment agencies who place staff in the sector. Take a look through our listings or register to advertise your own vacancies today. >> CHINWAG JOBS: http://jobs.chinwag.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You're subscribed to uk-netmarketing to change your options or unsubscribe: https://mm.chinwag.com/options/uk-netmarketing uk-netmarketing discussion list is powered by http://chinwag.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mm.chinwag.com/pipermail/uk-netmarketing/attachments/20121203/5ea7ad8c/attachment.html>
- Previous message: [uk-netmarketing] Leaving UKNM? You must be joking!
- Next message: [uk-netmarketing] Locking customers out of accounts after bad logins
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the uk-netmarketing mailing list
