Whilst many login systems have a 'disable account after x failed logins' feature, an added security feature would be to communicate to the user (once successfully logged in) how many failed logins there had been prior to this successful login (but below the account disable threshold). This is important as it is only the user that knows how many times they have failed - if they haven't then they know that someone has tried to get into their account and they know to change their password or alert security.
Sunday 30 March 2008
Login failures
Whilst many login systems have a 'disable account after x failed logins' feature, an added security feature would be to communicate to the user (once successfully logged in) how many failed logins there had been prior to this successful login (but below the account disable threshold). This is important as it is only the user that knows how many times they have failed - if they haven't then they know that someone has tried to get into their account and they know to change their password or alert security.
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment