
Anna Filina:
Brute-force countermeasures
June 11, 2014 @ 10:09:10

In her latest post, Anna Filina recommends some countermeasures you can use to protect your applications against brute-force attacks. The recommendations aren't PHP-specific, but they're a good guide and a place to start.

Password brute-forcing refers to trying all password permutations until the attacker finds the right one. Here are some of the most common ways to mitigate that risk: increase the length of the password and increase the number of possible characters. [...] The human factor should not be ignored here. People often use letters in the beginning and numbers at the end.

She recommends a few other tactics to help prevent brute forcing, including locking an account after a number of unsuccessful login attempts and requiring a CAPTCHA after a number of unsuccessful logins. She recommends not relying on a single method to prevent this kind of attack, however. Multiple layers can only help, but be careful not to introduce too much complexity.
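The layering described above (a CAPTCHA after a few failed logins, a temporary lock after more) as an added PHP 7.4+ example; it is not code from Anna Filina's post or from this site. The `LoginThrottle` class, its thresholds and the in-memory storage are assumptions made for illustration.

```php
<?php
// Added example: thresholds, durations and names are assumptions, not from the post.
final class LoginThrottle
{
    private const CAPTCHA_AFTER = 3;   // recent failures before a CAPTCHA is required
    private const LOCK_AFTER    = 6;   // recent failures before the account is locked
    private const WINDOW        = 900; // seconds over which failures are counted
    private const LOCK_SECONDS  = 900; // temporary lock, so a user is never shut out for good
    private array $failures = [];      // account => failure timestamps (use a shared store in production)
    private array $lockedUntil = [];   // account => time at which the lock expires

    /** Returns 'locked', 'captcha' or 'ok' for the next attempt on $account. */
    public function check(string $account, int $now): string
    {
        $key = strtolower($account);
        if (($this->lockedUntil[$key] ?? 0) > $now) {
            return 'locked';
        }
        return count($this->recent($key, $now)) >= self::CAPTCHA_AFTER ? 'captcha' : 'ok';
    }

    public function recordFailure(string $account, int $now): void
    {
        $key = strtolower($account);
        $this->failures[$key] = $this->recent($key, $now);
        $this->failures[$key][] = $now;
        if (count($this->failures[$key]) >= self::LOCK_AFTER) {
            $this->lockedUntil[$key] = $now + self::LOCK_SECONDS;
        }
    }

    public function recordSuccess(string $account): void
    {
        unset($this->failures[strtolower($account)]);
    }

    /** Failure timestamps for $key that still fall inside the counting window. */
    private function recent(string $key, int $now): array
    {
        return array_filter($this->failures[$key] ?? [], fn (int $t): bool => $t > $now - self::WINDOW);
    }
}

// Constructed run: eight wrong passwords for one account, ten seconds apart.
$throttle = new LoginThrottle();
for ($i = 1, $now = 1000; $i <= 8; $i++, $now += 10) {
    $state = $throttle->check('user@example.com', $now);
    echo "attempt $i: $state\n";
    if ($state !== 'locked') { $throttle->recordFailure('user@example.com', $now); }
}
```

In a real login handler, `check()` runs before the password is verified, and `recordSuccess()` clears the counter once a correct password (and CAPTCHA, when required) is accepted.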


Link: http://afilina.com/brute-force-countermesures


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework