After the first or second attempt require the user to enter some
random letters that appear in a graphic. Try www.gmail.com. After a
few bad logins it makes you enter letters from a graphic. That will
keep bots from retrying without human intervention.
~Paul
On 4/12/05, Jason binger <cisspstudy_at_yahoo.com> wrote:
> I have a customer that generates UserIDs as numbers
> sequentially for a critical application. They
> implement account lockout and I am concerned that
> someone could launch a DOS and lockout all the user
> accounts.
>
> What would people recommend for a user ID generation
> method.
>
> I was thinking UserIDs should be randomly generated
> from a large alpha-numeric keyspace, but how big
> should the keyspace be?
> What would the size of the keyspace need to be if it
> was only numeric?
>
> Any other thoughts appreciated.
>
> Cheers,
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Small Business - Try our new resources site!
> http://smallbusiness.yahoo.com/resources/
>
Received on Apr 18 2005
Intro
