Timeline for Logging failed login attempts exposes passwords
Current License: CC BY-SA 3.0
10 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 22, 2013 at 12:43 | answer | added | anaximander | timeline score: 1 | |
| Apr 22, 2013 at 11:00 | history | tweeted | twitter.com/#!/StackProgrammer/status/326289468527095808 | ||
| Apr 22, 2013 at 9:51 | answer | added | Ben | timeline score: 1 | |
| Apr 22, 2013 at 9:29 | answer | added | galdikas | timeline score: 12 | |
| Apr 22, 2013 at 9:14 | comment | added | MSalters | Interesting question since it crosses UX and security. As noted in one of Michael's links, you can prevent most cases using Javascript (client-side). Disable the Login button while the password field is empty. Users without Javascript can still use the login screen that way, as the button will not be disabled in that case. | |
| Apr 22, 2013 at 7:53 | comment | added | user | Related: Passwords Being Sent in Clear Text Due to Users' Mistake in Typing it in the Username Field and Is it common practice to log rejected passwords?. | |
| Apr 22, 2013 at 4:08 | review | First posts | |||
| Apr 22, 2013 at 5:59 | |||||
| Apr 22, 2013 at 3:58 | comment | added | FoolishSeth | Yes you should worry about it. | |
| Apr 22, 2013 at 3:55 | answer | added | Mason Wheeler | timeline score: 65 | |
| Apr 22, 2013 at 3:49 | history | asked | kenwarner | CC BY-SA 3.0 |