Now when I try to log in I have to:
- Enter my account number
- Enter my secret code
- Answer my test question
- Verify my Icon is correct
- Enter my Password.
When it asked me "What was your high school name?", I wrote "Traverse City Senior High".
Had I known I would have to enter this every time, I would have written it down or organized it in a way I could remember. Now I need to try:
- "Traverse City Central High"
- "Traverse City Central High School"
- "Traverse City Senior High"
- "Traverse City Senior High School"
They still have their SSL, I am sure they still have session_id-based session variables, and I am sure they are still protecting their form field inputs from SQL attacks. These new steps are solely for the purpose of driving away thieves and oh yeah, users!
So, here is the new tip I have on security.
Have each letter of both the user name and the password typed on a separate page, so that users are forced to submit the POST variables every time. This will do some good things for your security. It will frustrate your users so badly that no one will want to log in. If no one wants to log in, you have no need for your security. Eliminate want and interest, and your security becomes more and more powerful, because it never even needs a workout.
Or how about this... I can give you a means to GUARANTEE your server is 100% secure from everyone!
Unplug your server, open up the case, fill it with dirt, set it on fire, and bury it at least six feet below the ground in your basement. Re-cover the hole with cement, then write in your will that when you die, no one is allowed to sell the house.

2 comments:
Or just change every answer to "fuckyou" and smile with delight as you type it in over and over and over and over again :)
LOL
Hahahah.
Okay that was some funny stuff. lol.