Sunday, 30 March 2008

Login failures

This security feature may well exist, but it is not something I have yet experienced:

Whilst many login systems have a 'disable account after x failed logins' feature, an added security feature would be to tell the user, once successfully logged in, how many failed logins there had been prior to this successful login (but below the account disable threshold). This is important because only the user knows how many times they themselves have failed: if they did not make those failed attempts, then they know that someone else has tried to get into their account, and they know to change their password or alert security.
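A minimal sketch of the idea, added here as an illustration and not taken from any particular login system. The `LoginService` class, the threshold of 5 and the timestamp of the most recent failure (which goes slightly beyond the count described above) are all assumptions made for the example.

```python
import hashlib, hmac, os
from dataclasses import dataclass

LOCKOUT_THRESHOLD = 5  # assumed value for the "x failed logins" limit

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failed_since_success: int = 0   # reset only by a successful login
    last_failure: str = ""          # timestamp of the most recent failure
    disabled: bool = False

class LoginService:  # hypothetical name, for illustration only
    def __init__(self):
        self.accounts = {}

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _hash(password, salt))

    def login(self, user: str, password: str, now: str):
        """Return (status, notice); notice is only ever set on success."""
        acct = self.accounts.get(user)
        if acct is None:
            return "denied", None
        if acct.disabled:
            return "disabled", None
        if not hmac.compare_digest(acct.pw_hash, _hash(password, acct.salt)):
            acct.failed_since_success += 1
            acct.last_failure = now
            if acct.failed_since_success >= LOCKOUT_THRESHOLD:
                acct.disabled = True
                return "disabled", None
            return "denied", None
        # Success: report the failures seen since the last good login, then reset.
        count, last = acct.failed_since_success, acct.last_failure
        acct.failed_since_success, acct.last_failure = 0, ""
        if count == 0:
            return "ok", None
        return "ok", (f"{count} failed login attempt(s) since your last "
                      f"successful login, most recent at {last}")

if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse")               # constructed sample data
    svc.login("alice", "guess", "2008-03-29T22:10:00Z")  # someone else's attempt
    print(svc.login("alice", "correct horse", "2008-03-30T09:00:00Z"))
```

The notice is returned only after authentication succeeds, so an attacker guessing passwords learns nothing from it, while the real user sees attempts they did not make.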

