uk-netmarketing Archive (2011-2015)

[uk-netmarketing] Locking customers out of accounts after bad logins

Suzy Turnbull sturnbull at teamgroup.biz
Wed Dec 5 15:24:05 GMT 2012


Hi Chris,

Very much agree with Ty.  I got locked out of Facebook last week whilst
traveling and they had an interesting method of allowing me back into my
account (although, admittedly it was a bit long-winded and frustrating).
They showed me images of people who are connected to me and asked me to
identify them by giving me a multiple choice of names.  If you get 3 out of
5 attempts correct, they let you back into your account; if not, you get
locked out forever (I presume!).

Something along the lines of this but using a secret password would work
well so as not to alienate your customers.

Saludos,

Suzy 

Suzy Turnbull (Dip Dig M)
Managing Director
E: Marketing Tactics

Email:       sturnbull at emarketing-tactics.com
Web:         http://emarketing-tactics.com
Tel:            +(507) 265 3508 | +(507) 6480 3623
Skype:       suzyturnbull
Linked In:  http://pa.linkedin.com/in/suzyturnbull

 

From:  Ty-John Roberts <ty at addicted2tv.com>
Reply-To:  uk-netmarketing <uk-netmarketing at mm.chinwag.com>
Date:  Monday, December 3, 2012 10:13 AM
To:  uk-netmarketing <uk-netmarketing at mm.chinwag.com>
Subject:  Re: [uk-netmarketing] Locking customers out of accounts after bad
logins

Hi Chris

3 is the norm IMO.

Why would you lock a user out though? Isn't banning a bit harsh for your
'user group'? Fear this leads to alienation...

Is there a 'forgot pass' feature which takes you through the reset online?

Have you thought about password hints, like 'type the first letter of your
password', 'type the n-teenth letter of your password'?

Ty







Ty-John Roberts
Digital Director
Helping improve the way people experience your brand digitally

www.addicted2tv.com
ddi: 01279 444040
http://www.linkedin.com/in/tyjohnroberts

The information transmitted is
intended only for the person or entity to which it is addressed and may
contain confidential and/or privileged material. Any review, transmission,
dissemination or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the sender and
delete the material from any computer.

Any views or opinions are solely those of the author and do not necessarily
represent those of Addicted2tv Limited unless specifically stated.




On 29 Nov 2012, at 11:47, Chris Baker wrote:

Hi'y'all
I'm working on a system which currently locks customers out of their
accounts if they exceed a certain number of bad login attempts. They then
can't use their account until unlocked again.

Currently, customer services get too many calls to unlock people, so it's not
working quite right. We are discussing how to tweak it, and I wondered
whether anyone on this list has experience that might guide us.

At present, we simply count up all your bad logins since your account
opened. No mistake is ever forgotten. When you exceed a certain number, the
system locks you out, and this is permanent, until someone unlocks you.

We're discussing changing this to a system where bad logins are scored
against you, but your bad login score is reduced back to 0 when you log in
correctly. So Mr Fatfingers, who often mis-types his password wrongly the
first time then gets it the second time will no longer be locked out. We
also plan to make the lockout last for only a certain amount of time, rather
than "until over-ridden".

The question is therefore:
* How many bad attempts at logging in is reasonable (e.g. 3 strikes and
  you're out? more? less?)
* How long a ban from the system is reasonable? (an hour? A day? More? Less?)

I'd like an outside perspective on those settings if possible - otherwise
you can end up at a meeting where several people are stubbornly dug in with
their arbitrary ideas, and nobody has any data to resolve anything. If
anyone has operated similar lockout logic, I'd be interested to hear how it
went.

The other thing we need to settle is how much to tell the users. A message
saying "Sorry, you have exceeded X bad logins and will now be locked out of
the system for Y hours" is helpful to forgetful genuine users, but also to
any hackers.

What are we defending? Once inside the system you can see the names of
people in the organization, and some stuff about their progress through
fairly standard processes. So you could potentially use this for bad stuff,
as well as annoying the user whose account you've hacked by trashing their
work. You can't see people's addresses, credit card info or other very
highly abusable data.


Be interested to see your ideas, many thanks.


-- 
Chris Baker
Chris Baker Project Management Ltd.

~~ Chinwag Jobs: Find your perfect new job or next team member ~~

Chinwag Jobs is the leading specialist recruitment website for digital
roles in the UK. Used by major companies such as BBC, Electronic
Arts, Kingston University as well as the majority of recruitment
agencies who place staff in the sector.

Take a look through our listings or register to advertise your
own vacancies today.

>> CHINWAG JOBS: http://jobs.chinwag.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You're subscribed to uk-netmarketing to change your options or
unsubscribe: https://mm.chinwag.com/options/uk-netmarketing

uk-netmarketing discussion list is powered by http://chinwag.com
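
A sketch of the scheme Chris Baker proposes in the original message above (bad-login score reset to 0 on a successful login, lockout that expires on its own), added here as an example and not code from the thread. The class name, the threshold of 3, the one-hour lockout and the single generic error message are assumptions for illustration.

```python
import time

# Assumed settings for illustration; the thread does not settle on values.
MAX_FAILURES = 3             # "3 strikes"
LOCKOUT_SECONDS = 60 * 60    # one hour
# Same text for a bad password and a locked account, so the reply does not
# disclose the threshold or the remaining lockout time.
GENERIC_ERROR = "Login failed. Check your details or use password reset."


class LockoutTracker:
    """Hypothetical in-memory tracker; a real system would persist this."""

    def __init__(self, clock=time.time):
        self._clock = clock        # injectable so time can be controlled
        self._failures = {}        # account -> consecutive bad logins
        self._locked_until = {}    # account -> unlock timestamp

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self._clock() >= until:
            # Lockout has expired: clear it and start counting from zero.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, password_ok):
        """Record one login attempt; return (logged_in, message)."""
        if self.is_locked(account):
            # Rejected even with the right password, and the lockout is not
            # extended, so it always ends LOCKOUT_SECONDS after it began.
            return False, GENERIC_ERROR
        if password_ok:
            self._failures.pop(account, None)   # bad-login score back to 0
            return True, "OK"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_FAILURES:
            self._locked_until[account] = self._clock() + LOCKOUT_SECONDS
        return False, GENERIC_ERROR
```

Passing a fake `clock` lets the expiry path be exercised without waiting out the lockout.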
