burger menu icon
WillMaster

WillMasterBlog > Content Protection

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Login Security

With active password sniffing expected at public WiiFi spots, secure login is the responsible thing. Provide a secure form for your users so only encrypted text transits from your user's computer to your server. (And don't store passwords in cookies.)

Once a password is compromised, not only does the cracker gain access to the user's account at your website, but also at all other accounts on the internet the user has with the same password.

It could be argued that users are responsible for using a different password at every website. But I think it more fitting as a site owner to acknowledge the reality that some people, perhaps many, use the same password in more than one place.

With the login form on a secure page, the user's browser can report that the page is secure. But that is not what provides the login security.

What provides the login security is the form submitting to an https://... secure URL, to software located on a secure server. It is the submission of the username and password that needs the encryption provided by the secure server SSL connection.

For additional security, an account lockout of 2 hours could be implemented whenever more than 5 incorrect login attempts occur during a period of 15 minutes. Or whatever numbers are best for your implementation. The lockout can prevent continuous brute force password guessing attempts.

For security, login forms need to submit to login software on a secure server.

Will Bontrager

Was this blog post helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Blog articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

Recent Articles in the Library

File Uploader

This file uploader is complete as one PHP script. No external modules or classes are required. Optional login for private use.

Fun Jumper

This fun jumper is easy to implement. Paste the code into one of your web pages. When you are ready to define your own content, replace the image tag.

The HTML optgroup Tag

The HTML <optgroup> tag allows you to group items in a dropdown list.

Determining Div Location

I generally get the location and dimension numbers of a div with the JavaScript getBoundingClientRect() function. Then access the numbers I need from the function's return value.

Site-wide Login System

A site-wide log-in system that lets pretty much any directory be password protected.

Image Show

With the no-custimizations-required script, it is now relatively easy to show off a series of images on your web page.

A Variables Dump

This PHP function returns details about the variable that is being dumped.

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

Blog Article Categories

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2026 Will Bontrager Software LLC