Full Version: Want more secure way to login to Members Page
Spencer
Hello Ev1.

I want a more secure way to log in to members.ev1.net. There are many servers listed in my account. Let's say somebody tried to log in with my Login ID and he/she succeeded. Since there have been a lot of trouble tickets with password info (in some TT), he/she could control most of my servers.


Login ID:
Password:

and...

Email Address: ?
Phone Number: ?

to login.

OR,

the possibility to set my own 2nd authentication name and password after the first authentication.

Thank you.

Spencer
LostCluster
That really doesn't make it any more secure. The username/password transaction is already encrypted against anybody listening to the connection, and if they've got your password then they can get any other info they need. Just change your password often and keep it secret.
Spencer
Is there any lock system if a user fails to log in a few (maybe 3 or 4) times, like Web Banking? I at least want EV1 to consider a little more security on members.ev1.net. LOGS of login history page, unique authentication....

RE: LostCluster

Thank you for your reply. However I don't like "JUST DO" stuff. "JUST DO" stuff sometimes makes people disappointed. I also would like to say that: I believe "encryption" is already a standard security in the world. So I believe "Encrypted" is already an old-fashioned way to talk about SECURITY. :)
Or maybe I am too worried...?

Spencer
Thank you.
LostCluster
You might be on to something in that EV1 should be at least keeping track of failed login attempts to detect anybody trying to brute force attack their way into an account... but a lockout after three bad attempts might be too extreme. Imagine somebody who has a downed server and who, while dripping with sweat, mistypes their password three times. Now, even the authorized user can't get to their account... that's not good either.

Security is a balance between keeping the bad guys out, but also making sure the good guys can get in. The more complex you make the logon process, the less accessible the service becomes. If EV1 wanted to totally secure the members area, they could just unplug the network wire in the back of its server... but that wouldn't provide very good service to the members.
gummyAvenger
QUOTE
Originally posted by LostCluster
You might be on to something in that EV1 should be at least keeping track of failed login attempts to detect anybody trying to brute force attack their way into an account... but a lockout after three bad attempts might be too extreme. Imagine somebody who has a downed server and who, while dripping with sweat, mistypes their password three times. Now, even the authorized user can't get to their account... that's not good either.

I'm not sure how flexible their system is, but if they could do it, I would go for locking you out after even one failed attempt. Then they could have it automatically send an email to the email address you signed up with that would say something like this:


-----------------------------
Attention:
There has been a failed login attempt at 13:07:56 from IP address 127.0.0.1. If you believe someone other than yourself has made this attempt then blah blah blah tips on being more secure blah blah blah.

To unlock your login information, click the link below:
https://ev1servers.net/members/unlock.asp?x...erystringthingy

-----------------------------
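The lockout and emailed unlock link discussed in the posts above, as an added sketch that is not part of the original thread and not EV1's code. The class `LoginGuard`, its method names, the default threshold and the token lifetime are all assumptions; the threshold is configurable so that both the one-strike and the three-strike proposals can be tried.

```python
import hashlib
import hmac
import secrets
import time


class LoginGuard:
    """Failed-login tracking with lockout and an emailed single-use unlock token."""

    def __init__(self, threshold=3, token_ttl=3600):
        self.threshold = threshold  # 1 = lock on first failure; 3 or 4 = bank style
        self.token_ttl = token_ttl  # seconds the emailed unlock link stays valid
        self.history = []           # (time, login_id, ip) rows for a login-history page
        self.count = {}             # login_id -> failures since last success/unlock
        self.locks = {}             # login_id -> (sha256 hex of token, expiry time)

    def record_failure(self, login_id, ip, now=None):
        """Log a failure; return a token to email if this failure sets a lock."""
        now = time.time() if now is None else now
        self.history.append((now, login_id, ip))
        self.count[login_id] = self.count.get(login_id, 0) + 1
        lock = self.locks.get(login_id)
        if self.count[login_id] < self.threshold or (lock and now <= lock[1]):
            return None  # under threshold, or a valid unlock link is already out
        token = secrets.token_urlsafe(32)  # unguessable; appears only in the email
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.locks[login_id] = (digest, now + self.token_ttl)  # store hash only
        return token

    def is_locked(self, login_id):
        return login_id in self.locks

    def record_success(self, login_id):
        """Call after a correct password on an account that is not locked."""
        if not self.is_locked(login_id):
            self.count.pop(login_id, None)

    def unlock(self, login_id, token, now=None):
        """Redeem the emailed token: must match, be unexpired, and works once."""
        now = time.time() if now is None else now
        lock = self.locks.get(login_id)
        if lock is None:
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        if now > lock[1] or not hmac.compare_digest(lock[0], presented):
            return False  # expired link: the next failed attempt issues a new one
        del self.locks[login_id]
        self.count.pop(login_id, None)
        return True
```

The login handler is expected to check `is_locked()` before it evaluates the password, so a locked account refuses even the correct password until the emailed link is redeemed.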
Spencer
RE: LostCluster
Thanks for your reply. I agree with you. YES! The balance is important. But your opinion seems to be the same, "JUST KEEP IT SIMPLE AS IT IS". So I would like EV1 to add an OPTION to increase the security like I said. Some ISPs give you the option to add strong SPAM blocking to your email address. Something like this. Just an option. Then the user can enable/disable the feature. (Very balanced, isn't it?) Well... it's my opinion.


RE: gummyAvenger
This is a great idea! I like your opinion!


Thank you!

Spencer
cheznoir
Keep the login the same, but do not echo the passwords.

Chet