Quote:
Originally Posted by frankthetank
That's interesting but I have to admit I can't follow. If the owner of the password doesn't share it, where do they get it from?
Is it a guess or do you think they use spy software?
I'm not familiar with those problems because I don't run a paysite yet, but I'm building one. So it's an interesting part for me.
Yes, basically I would classify it as a guess; that's why you do not want your members picking their own passwords.
You want to generate them a random pass. Makes it much harder for the hackers and their scripts to guess. They basically try thousands and thousands of user/pass combos on your site until they find one that works. Another reason why you want to use something like proxypass. After one IP tries to log in unsuccessfully so many times, it bans that IP for a period of time.
Now, as far as the old user/pass goes, if someone tries to log in using the shared combination again, you send them to a fake members area.
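
The controls described in the reply above, as an added Python example that is not part of the original post and not proxypass's own code: random password generation, a temporary per-IP ban after repeated failed logins, and retired shared credentials routed to a decoy area. The thresholds, the `LoginGuard` class and the `valid` flag (the result of the site's own credential check) are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict, deque

# Assumed thresholds (not from the post): 5 failures in 10 minutes -> 30 minute ban.
MAX_FAILURES = 5
WINDOW_SECONDS = 600
BAN_SECONDS = 1800

ALPHABET = string.ascii_letters + string.digits


def generate_password(length=12):
    """Random member password from a CSPRNG, so it is not a human-chosen, guessable word."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class LoginGuard:
    """Tracks failed logins per IP and bans an IP temporarily after too many."""

    def __init__(self, retired_credentials=()):
        self.failures = defaultdict(deque)       # ip -> timestamps of recent failures
        self.banned_until = {}                   # ip -> time the ban ends
        self.retired = set(retired_credentials)  # old (user, password) pairs known to be shared

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, 0) > now

    def check(self, ip, user, password, valid, now):
        """Return 'banned', 'decoy', 'ok' or 'denied' for one login attempt."""
        if self.is_banned(ip, now):
            return "banned"
        if (user, password) in self.retired:
            return "decoy"                       # retired combo: route to the fake members area
        if valid:
            self.failures.pop(ip, None)          # a good login resets the counter for this IP
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                     # drop failures that fell outside the window
        if len(recent) >= MAX_FAILURES:
            self.banned_until[ip] = now + BAN_SECONDS
            recent.clear()
        return "denied"
```
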