Password Security
If I were to build a site that had customers log in, I'd simply set up 3 attempts, then it locks.
Now that in theory is bad, because if someone was trying to stop you from logging in to your account they can just do that nonstop.
The way it should be built is each user/member gets a unique URL login page. If 3 attempts happen and fail, an e-mail is sent to the e-mail on file with a new URL login ready to be used right away, with a warning to hit the forgot password button if they were the ones failing to log in.
If that person also had their e-mail hacked, no problem. After 3 generated URLs the account is locked until a call is made to us.
The word password as the password could be very hard to discover/hack if this was done. This is just my personal thinking.
Tell me if there are flaws in this logic?
Robin
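A minimal in-memory model of the scheme described in the post, added here as an illustration and not code from the poster: it shows which attempts change account state and which do not. Class, method and status names are hypothetical, the outbox list stands in for sending e-mail, and the lock is assumed to trigger once the third replacement URL has also used up its 3 attempts.

```python
import hashlib, hmac, secrets

MAX_FAILS = 3      # failed attempts allowed per login URL (from the post)
MAX_ROTATIONS = 3  # replacement URLs issued before the account locks (from the post)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginUrlStore:
    """Hypothetical model of per-user login URLs with rotation and lockout."""
    def __init__(self):
        self.accounts = {}  # email -> account state
        self.by_token = {}  # currently valid URL token -> email
        self.outbox = []    # (email, new_token) pairs, standing in for sent mail

    def _issue(self, email):
        token = secrets.token_urlsafe(32)  # unguessable path component of the URL
        self.by_token[token] = email
        self.accounts[email].update(token=token, fails=0)
        return token

    def register(self, email, password):
        salt = secrets.token_bytes(16)
        self.accounts[email] = {"salt": salt, "hash": _hash(password, salt),
                                "rotations": 0, "locked": False}
        return self._issue(email)

    def login(self, token, password):
        email = self.by_token.get(token)
        if email is None:
            return "unknown-url"  # retired or guessed URL: no account state changes
        acct = self.accounts[email]
        if acct["locked"]:
            return "locked"       # stays locked until support unlocks it
        if hmac.compare_digest(_hash(password, acct["salt"]), acct["hash"]):
            acct["fails"] = 0
            return "ok"
        acct["fails"] += 1
        if acct["fails"] < MAX_FAILS:
            return "bad-password"
        if acct["rotations"] >= MAX_ROTATIONS:
            acct["locked"] = True  # assumption: lock after the 3rd replacement URL fails
            return "locked"
        del self.by_token[token]   # retire the URL that took 3 failures
        acct["rotations"] += 1
        self.outbox.append((email, self._issue(email)))
        return "url-rotated"
```

In this model, failures only count against a URL that is currently valid, so the lockout threshold is reachable only by someone who holds the current URL, which includes anyone reading the mailbox that receives the replacements.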