Re: 2 factor authentication

On 2013-9-6 3:25 AM, "Tristan Santore" <tristan.santore@xxxxxxxxxxxxxxxxxxxxx> wrote:

> I have another idea. Could we not do a password check, and if the
> password is correct, provide the 2fa interface, if then a user does
> not enter the 2fa, an email is sent to the actual user informing of a
> failed login attempt, with the date and time and maybe IP ?
>
> Does this sound more secure to anyone else ?

Wow... that would be great. This is the most serious case we should care about.

IMHO we should pretend to be "normal" when we meet such a case, like mailman subscribe, but I think we should also notify users when a wrong password has been entered $(TIMES) times. $(TIMES) can be set by users; after that limit, if a wrong password comes again, we should block the IP.

My blog uses a plugin with my modification:

If an attacker has entered a wrong password 1 time (I set it to 1 because this is suitable for me), then if the attacker tries to storm my account for the third time, their IP will be blocked for 10000 mins. So I won't receive too many emails about failed login attempts, but I don't know if Fedora Infra wants to support this way...

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
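
The policy discussed in this message, sketched as an added example (not code from the post, the blog plugin, or Fedora Infrastructure): one notification mail once an IP reaches the failure threshold, an IP block on further failures, and the same reply whether the password or the second factor failed. `LoginGuard`, its parameter names and the notifier callback are hypothetical; the defaults mirror the numbers in the post, assuming the third failed attempt is what triggers the block.

```python
import time
from collections import defaultdict

class LoginGuard:
    """Per-IP failed-login tracking: notify the account owner, then block the IP."""

    def __init__(self, notify_after=1, block_after=3, block_minutes=10000,
                 notifier=None, clock=time.time):
        self.notify_after = notify_after      # the post's $(TIMES)
        self.block_after = block_after        # assumed: this failure triggers the block
        self.block_seconds = block_minutes * 60
        self.notifier = notifier or (lambda user, ip, when: None)
        self.clock = clock                    # injectable so tests can move time
        self.failures = defaultdict(int)      # ip -> failures since last success
        self.blocked_until = {}               # ip -> unix time the block ends

    def is_blocked(self, ip):
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:             # block expired: forget the IP
            del self.blocked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def attempt(self, user, ip, password_ok, second_factor_ok):
        """Return 'ok', 'blocked', or one uniform 'denied' for any failed factor."""
        if self.is_blocked(ip):
            return "blocked"
        if password_ok and second_factor_ok:
            self.failures.pop(ip, None)
            return "ok"
        self.failures[ip] += 1
        count = self.failures[ip]
        # One mail when the threshold is first reached, not one per attempt.
        if count == self.notify_after:
            self.notifier(user, ip, self.clock())
        if count >= self.block_after:
            self.blocked_until[ip] = self.clock() + self.block_seconds
        return "denied"


if __name__ == "__main__":
    # Constructed sample: documentation-range IP, correct password, no 2FA code.
    guard = LoginGuard(notifier=lambda u, ip, t: print(f"mail to {u}: failed login from {ip}"))
    for _ in range(4):
        print(guard.attempt("alice", "192.0.2.10", True, False))
```

Counting per IP alone does not slow a guess spread across many addresses, so a per-account counter would be needed alongside it.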
