WebAIM - Web Accessibility In Mind

E-mail List Archives

Thread: Re: Setting Up Accessible Log-In For Password Protected Areas Of A Website

Number of posts in this thread: 1 (In chronological order)

From: darrel austin
Date: Thu, Aug 10 2006 1:50PM
Subject: Re: Setting Up Accessible Log-In For Password Protected Areas Of A Website


> Someone asked me recently what was a good alternate system for captcha that
> didn't leave the system vulnerable.
Vulnerable to what?

The only security issue I can think of is dictionary attacks. Ways
around that could include:

- forcing truly random passwords
- making sure the passwords are of an appropriate length
- don't allow a log-in attempt with the same username more than x times
over x minutes

In terms of preventing spam, the best way to handle that is on the back
end, rather than asking your legitimate users to jump through hoops.

If they MUST use a captcha, talk them out of the cryptic distorted image
kinds. Often, a simple captcha will work just as well:

Enter the letter 'd' to prove you are a human: [__________]

Which has the bonus of being fairly accessible/usable.

-Darrel