[TYPO3-english] Typo3 BE login security

Steffen Müller typo3 at t3node.com
Thu Mar 25 15:22:48 CET 2010


Hi.

On 24.03.2010 22:46 Pero Matic wrote:
> IPs. I found a nice extension that can disable an account after n wrong u/p 
> attempts,

Bad idea, it opens the doors for DoS attacks.

If you can't filter by IP, using SSL/rsa auth and strong passwords is a 
good solution.
IMHO there's an extension which helps you to force usage of strong 
passwords: be_secure_pw (untested)
http://typo3.org/documentation/document-library/extension-manuals/be_secure_pw/0.2.0/view/
Although this could be improved, e.g. filtering against wordbooks.

Password length is very important. I suggest >12 chars.

-- 
cheers,
Steffen

TYPO3 Blog: http://www.t3node.com/
Microblog:  http://twitter.com/t3node
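
The length rule and the wordlist filtering suggested in the message above, sketched as an added example (not part of the original post and not be_secure_pw's code). The sample wordlist, the substitution table and all function names are assumptions made for illustration.

```python
# Added example: length rule plus wordlist filter for new backend passwords.
MIN_LENGTH = 13  # "more than 12 characters", per the message above

# Constructed sample; a real deployment would load a large wordlist file.
SAMPLE_WORDLIST = ("password", "typo3", "admin", "welcome", "dragon", "letmein")

# Common character substitutions, undone before the wordlist lookup.
SUBSTITUTIONS = str.maketrans("013457@$!", "oleastasi")


def fold(text):
    """Lower-case the text and undo common substitutions (P@ssw0rd -> password)."""
    return text.lower().translate(SUBSTITUTIONS)


def dictionary_hits(password, wordlist=SAMPLE_WORDLIST):
    """Return the wordlist entries hidden inside the password, sorted."""
    folded = fold(password)
    return sorted(word for word in wordlist if fold(word) in folded)


def effective_length(password, wordlist=SAMPLE_WORDLIST):
    """Length that remains once every wordlist entry is stripped out."""
    folded = fold(password)
    # Strip longer words first so a short entry cannot split a longer one.
    for word in sorted(dictionary_hits(password, wordlist), key=len, reverse=True):
        folded = folded.replace(fold(word), "")
    return len(folded)


def check_password(password, wordlist=SAMPLE_WORDLIST, min_length=MIN_LENGTH):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    hits = dictionary_hits(password, wordlist)
    # Dictionary words are tolerated only if the rest is long enough by itself.
    if hits and effective_length(password, wordlist) < min_length:
        problems.append("built on dictionary words: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor&3", "P@ssw0rd!2010", "TYPO3admin2010", "vK9#qLm2$Rz8wY"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

A password such as `P@ssw0rd!2010` passes a plain length check at 13 characters but is rejected here, because only five characters remain once the folded dictionary word is removed.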

