Re: locking user out after 3 incorrect attempts to log in

Tue, 15 Jun 2004 06:54:33 -0700

Archive: http://www.houseoffusion.com/lists.cfm/link=i:4:166661
---
This is a bit of a tangent to this topic, but I'm curious whether I'm the only person out there who gets annoyed by systems that employ this technique. The system we built at my old dot.com company employed this technique, and it drove our clients crazy (which in turn drove us developers crazy).

The idea, I assume, is that if someone is unsuccessful logging in three times in a row, they must not be a valid user. Its my experience that the VAST majority of the time, the person getting locked out is a valid user who made an innocent mistake trying to login. The 3 strikes and your out schema seems to be a bit outdated, and causes more harm (annoyance) than good.

Just curious what you all thought about this.

Brian
  From: Steve Nelson
  To: CF-Talk
  Sent: Tuesday, June 15, 2004 8:41 AM
  Subject: RE: locking user out after 3 incorrect attempts to log in

  Archive: http://www.houseoffusion.com/lists.cfm/link=i:4:166657
  ---
  Cookies are definitely not the only solution.

  This would make an interesting CF contest. Who ran that CF contest a couple
  months ago?

  Steve Nelson

    _____  

  From: Pascal Peters [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, June 15, 2004 3:24 AM
  To: CF-Talk
  Subject: RE: locking user out after 3 incorrect attempts to log in

  Archive: http://www.houseoffusion.com/lists.cfm/link=i:4:166613
  ---
  I see you are using session vars, so I would recommend
  session.times_logged_on.

  But that aside, you have to realize that there is no way of really
  blocking more than x attempts to log in on a web app. All methods you
  can come up with will rely on cookies to track that and the user can
  manipulate those on his machine. If some site tells me I had too many
  attempts, I just delete the cookies for that site and happily continue
  logging in.

  Pascal

  > -----Original Message-----
  > From: Doug James [mailto:[EMAIL PROTECTED]
  > Sent: maandag 14 juni 2004 21:36
  > To: CF-Talk
  > Subject: Re: locking user out after 3 incorrect attempts to log in
  >
  > Christy, Welcome to the wonderful world of CF, speaking for
  > everyone on the list we hope you enjoy it and will stay and
  > even recruit some friends.
  >
  > Regarding you problem, check out
  > http://www.teratech.com/coldcuts/cutdetail.cfm?cutid=291
  >
  > Doug
  >
  > Christy wrote:

    _____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]

Reply via email to