E-mail List Archives
Re: Setting Up Accessible Log-In For Password Protected Areas Of A Website
From: darrel austin
Date: Aug 10, 2006 1:50PM
> Someone asked me recently what was a good alternate system for captcha that
> didn't leave the system vulnerable.
Vulnerable to what?
The only security issue I can think of is dictionary attacks. Ways
around that could include:
- forcing truly random passwords
- making sure the passwords are of an appropriate length
- don't allow a log-in attempt with the same username more than x times
over x minutes
In terms of preventing spam, the best way to handle that is on the back
end, rather than asking your legitimate users to jump through hoops.
If they MUST use a captcha, talk them out of the cryptic distorted image
kinds. Often, a simple captcha will work just as well:
Enter the letter 'd' to prove you are a human: [__________]
Which has the bonus of being fairly accessible/usable.
-Darrel