Archived on fri jan 28 11:55:24 2005
How to improve password security There are several ways you can improve password security Obviously, you should ensure that password files are kept safe Some other ways you can beef up password security:.. * Lock out an account after three failed login attempts Require the. user to contact the site administrator to reactivate the account. * Lock out an IP after a fixed number of failed login attempts. * Lock out an account if it has been accessed too frequently or from too many different IP blocks. * For high-security accounts, require a "captcha" to prove that every login attempt comes from a human. * Never give out more details than is necessary in error messages. For example, "incorrect username or password" is better than "incorrect password," because the latter reveals that the username exists, which is valuable information. * Do not allow passwords to be dictionary words. Also keep in mind that increasing security almost always comes at the cost of decreasing usability and a trade Off Has to Be Made Depending On Your Needs and this of Your Users. http://www.itmanagersjournal.com/Article.pl?sid=05/01/24/1652213
