[TYPO3-english] Typo3 BE login security
Steffen Müller
typo3 at t3node.com
Thu Mar 25 15:22:48 CET 2010
Hi.
On 24.03.2010 22:46 Pero Matic wrote:
> IPs. I found nice extension that can disable account after n wrong u/p
> attempts,
Bad idea, it opens the doors for DOS attacks.
If you can't filter by IP, using SSL/rsa auth and strong passwords is a
good solution.
IMHO there's an extension which helps you to force usage of strong
passwords: be_secure_pw (untested)
http://typo3.org/documentation/document-library/extension-manuals/be_secure_pw/0.2.0/view/
Although this could be improved, e.g. filtering against wordbooks.
Password lenght is very important. I suggest >12 chars
--
cheers,
Steffen
TYPO3 Blog: http://www.t3node.com/
Microblog: http://twitter.com/t3node
More information about the TYPO3-english
mailing list