uk-netmarketing Archive (2011-2015)
[uk-netmarketing] Locking customers out of accounts after bad logins
Adrian Howard adrianh at quietstars.com
Thu Dec 6 21:34:44 GMT 2012
Hi Chris,

On 29 November 2012 11:47, Chris Baker <chris at chrisjbaker.co.uk> wrote:
> I'm working on a system which currently locks customers out of their
> accounts if they exceed a certain number of bad login attempts. They then
> can't use their account until unlocked again.

You might find http://ux.stackexchange.com/a/25674/597 of interest ;)

In general locking accounts often causes more problems than it solves in my experience. In many cases it turns cracking attacks into DOS attacks as multiple users get locked out.

A better approach in my experience is to throttle the login attempts. This kills bulk cracking attempts, lets valid users still log in, and prevents mass-lockouts that can cause major support/PR hassles.

Cheers,

Adrian
--
http://quietstars.com  adrianh at quietstars.com  twitter.com/adrianh
t. +44 (0)7752 419080  skype adrianjohnhoward  pinboard.in/u:adrianh
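
The throttling approach described in the message above, sketched as an added example that is not part of the original post or of any system discussed in the thread: repeated failures on an account add a growing, capped delay instead of a lock, so bulk guessing slows to a crawl while the owner can still log in once the current delay has passed. The class name, function names, thresholds and the sample guesses are all assumptions made for illustration.

```python
import hmac

class LoginThrottle:
    """Hypothetical per-account throttle: failures add a capped delay, never a lock."""

    def __init__(self, free_attempts=3, base_delay=1.0, max_delay=300.0):
        self.free_attempts = free_attempts  # failures allowed before any delay
        self.base_delay = base_delay        # first delay in seconds, doubled per failure
        self.max_delay = max_delay          # ceiling, so no account is ever locked out
        self._state = {}                    # account -> (failures, earliest next attempt)

    def retry_after(self, account, now):
        """Seconds the caller must still wait; 0.0 means an attempt is allowed."""
        _, not_before = self._state.get(account, (0, 0.0))
        return max(0.0, not_before - now)

    def attempt(self, account, supplied, expected, now):
        """Return 'ok', 'bad' or 'throttled' for one login attempt at time `now`."""
        if self.retry_after(account, now) > 0:
            return "throttled"  # dropped unchecked, and it does NOT extend the delay
        # Plaintext comparison keeps the sample short; a real system verifies a hash.
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            self._state.pop(account, None)  # success clears the failure history
            return "ok"
        failures = self._state.get(account, (0, 0.0))[0] + 1
        over = failures - self.free_attempts
        delay = 0.0 if over <= 0 else min(self.max_delay, self.base_delay * 2 ** min(over - 1, 32))
        self._state[account] = (failures, now + delay)
        return "bad"


def simulate_guessing(throttle, account, real_password, guesses, interval):
    """Constructed scenario: one guess every `interval` seconds, then the owner logs in."""
    now, checked = 0.0, 0
    for guess in guesses:
        if throttle.attempt(account, guess, real_password, now) != "throttled":
            checked += 1  # only these guesses were actually tested against the password
        now += interval
    now += throttle.retry_after(account, now)  # owner waits out the remaining delay
    return checked, throttle.attempt(account, real_password, real_password, now)
```

Because throttled attempts do not extend the delay, continued guessing cannot push the owner's wait beyond `max_delay`, which is the difference from a lockout that needs a manual unlock.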

