2 factor authentication
Kevin Fenzi
kevin at scrye.com
Fri Sep 6 14:58:49 UTC 2013
On Fri, 6 Sep 2013 08:23:06 +0800
Christopher Meng <cickumqt at gmail.com> wrote:
> Wow... that would be great. This is the most serious case we should
> care about.
>
> IMHO We should pretend to be "normal" when we meet such case like
> mailman subscribe, but I think we also should notify users when
> $(TIMES) times wrong password entered. $(TIMES) can be set by users,
> after limited times if wrong password comes again we should block the
> IP.
>
> My blog use plugin with my modification:
>
> If attacker has entered wrong password for 1 times(I set it to 1
> because this case is suitable for me), then if attacker tries to
> storm my account for the third time, its IP will be blocked 10000
> mins. So I won't receive too many emails about failed login attempt,
> but I don't know if Fedora Infra wants to support this way...
I dislike lockouts like this because someone can spoof your IP and
block you from logging in.
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20130906/35e88143/attachment.sig>
More information about the infrastructure
mailing list