Security Best Practice on failed login attempts

Hi,
I am designing a login mechanism for a website. Presently, I am blocking the user account for 1 hour if there are 3 failed login attempts within 1 hour.
However, I want to know if there is any best practice that can be followed on failed login attempts.
Any help would be greatly helpful.
Thanks,
Dharmesh
Oct 12 '09 #1
RedSon
Blocking someone's access for an hour after 3 login attempts is one way you can prevent DoS attacks, and also make it more difficult for a person to try dictionary-based attacks.

Another way to do it is to add a CAPTCHA to the log in page to confirm that it's not a script that is attempting to log in.

Some websites lock accounts completely after 3-5 failed attempts while others use things like RSA SecurID.

There are several things that can be done. You should determine which one is going to work the best for your situation.
Oct 21 '09 #2
