burger menu icon
WillMaster

WillMasterBlog > Content Protection

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Login Security

With active password sniffing expected at public WiiFi spots, secure login is the responsible thing. Provide a secure form for your users so only encrypted text transits from your user's computer to your server. (And don't store passwords in cookies.)

Once a password is compromised, not only does the cracker gain access to the user's account at your website, but also at all other accounts on the internet the user has with the same password.

It could be argued that users are responsible for using a different password at every website. But I think it more fitting as a site owner to acknowledge the reality that some people, perhaps many, use the same password in more than one place.

With the login form on a secure page, the user's browser can report that the page is secure. But that is not what provides the login security.

What provides the login security is the form submitting to an https://... secure URL, to software located on a secure server. It is the submission of the username and password that needs the encryption provided by the secure server SSL connection.

For additional security, an account lockout of 2 hours could be implemented whenever more than 5 incorrect login attempts occur during a period of 15 minutes. Or whatever numbers are best for your implementation. The lockout can prevent continuous brute force password guessing attempts.

For security, login forms need to submit to login software on a secure server.

Will Bontrager

Was this blog post helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Blog articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

Recent Articles in the Library

Random Colored Circle

A colored circle changes its color to a randomly selected color from your list of colors.

Printed But Not Published

Include something that is not visible in the browser when someone prints your web page.

Download Link for Any File Type

Any file type can be downloaded with this link.

Secret Image File

An image can be loaded into a web page with its source URL never revealed.

Password Eye

All the code that is needed to implement an eye icon for a password field is here. Vital particulars have been addressed.

A Facebook Trick

How to make Facebook's bot rescan your page when you post or reply.

Form Debugging Assistant

Form Debugging Assistant is a handy tool. If you keep the JavaScript in a file on your server, it can be pulled into a web page whenever you need to debug a form.

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

Blog Article Categories

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2025 Will Bontrager Software LLC