Quote:
If current information was posted, Strongbox or Pennywise reps would adjust their code. We are not on Pennywise or Strongbox's payroll to offer them security advice. It's their product not ours, we just bypass their once tough security.
3 attempts per is difficult for a fresh crack. That's when our prior successful hits on a site are used. Prior successful hits only need 1 try. Constantly contacting members over log on problems is annoying. Your customers will think you run an unsecure Mickey Mouse operation.
Teentopanga finally gave up after realizing their OCR wasn't as secure as they thought. Some sites completely gave up on updating security. After security has been breached is when you realize you wasted $$.
No members area software will EVER 100% protect the member areas from brute force attacks or password leaks. It will always happen.
We don't have many issues with login problems. If they are having problems already it's not like they know I have them blocked. The 10 seconds it takes to pull up the record and assist the member is worth it. I have almost no login complaints because I assist them first. Having it set lower allows me to assist them faster.
With Strongbox you can try once, but after your proxy/ip has tried 3 usernames incorrectly it blocks your IP. So each IP only has 3 chances before you are blocked from the system. It's very very easy to spot if it's the real member having problems, a real pw leak (which is very rare), or a brute force attack, which I can ignore.
If I happen to get a pw leak, Strongbox emails me, and in a click of a button a new pw is set and emailed to the member.
Password sites are only a threat to people that don't have software protection. The BW cost they create can be made up by putting some ads on your 401/bad pages or redirecting known bad usernames to a fake members area, spam page, 404 page, etc.
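
The per-IP block and the three-way triage described in the post above (real member having trouble, password leak, brute force), sketched as an added example that is not part of the original post and is not Strongbox's code. Reading the rule as three distinct failed usernames per IP, the `leak_ips` and `retry_min` thresholds, and the log format are assumptions; the sample log is constructed.

```python
from collections import defaultdict

MAX_BAD_USERNAMES = 3  # per-IP limit from the post (read here as distinct usernames)

# Constructed sample log: (source IP, username, login succeeded?)
SAMPLE_LOG = [
    ("203.0.113.9", "alice", False),
    ("203.0.113.9", "bob", False),
    ("203.0.113.9", "carol", False),   # third bad username: IP is blocked
    ("203.0.113.9", "dave", False),    # ignored, IP already blocked
    ("192.0.2.10", "jsmith", False),
    ("192.0.2.10", "jsmith", False),   # same member retrying
    ("192.0.2.10", "jsmith", True),
    ("198.51.100.1", "kdoe", True),
    ("198.51.100.2", "kdoe", True),
    ("198.51.100.3", "kdoe", True),    # one account, many source IPs
]

def triage(events, leak_ips=3, retry_min=2):
    """Apply the per-IP block and sort events into the three cases.

    leak_ips and retry_min are assumed thresholds, not values from the post.
    """
    bad_users = defaultdict(set)   # ip -> usernames that failed from it
    fails = defaultdict(int)       # (ip, username) -> failed attempts
    good_ips = defaultdict(set)    # username -> IPs that logged in successfully
    blocked = set()
    for ip, user, ok in events:
        if ip in blocked:
            continue               # a blocked IP gets no further attempts
        if ok:
            good_ips[user].add(ip)
            continue
        bad_users[ip].add(user)
        fails[(ip, user)] += 1
        if len(bad_users[ip]) >= MAX_BAD_USERNAMES:
            blocked.add(ip)
    return {
        "brute_force": blocked,
        "member_trouble": {k for k, n in fails.items()
                           if k[0] not in blocked and n >= retry_min},
        "possible_leak": {u for u, ips in good_ips.items() if len(ips) >= leak_ips},
    }

if __name__ == "__main__":
    for case, hits in triage(SAMPLE_LOG).items():
        print(case, sorted(hits))
```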