aldaffodil Posted January 13, 2007 Share Posted January 13, 2007 Hello. Does anyone know how to lock accounts after multiple failed login attempts? This is a requirement for PCI compliance, so I'm sure I'm not the only one that needs to do this. I looked through the contributions and couldn't find anything. Has anyone already modified their site to do this? Thanks in advance! Link to comment Share on other sites More sharing options...
Guest Posted January 13, 2007 Share Posted January 13, 2007 not sure if a contribution exists but if you could do it by setting up an extra field for the customers_info table to record the number of consecutive failed logon attempts. Then you add a control field under the osc admin customers script to switch on/off accounts and for the front end you need to modify the login page to keep track of the failed attempts and reset the fields accordingly as well as to display an error page or string. Link to comment Share on other sites More sharing options...
videobus Posted January 14, 2007 Share Posted January 14, 2007 If the account gets locked for multiple failed login attempts, how would it be unlocked? Timeout (1hr.etc.) or Admin release? What benefit does it serve to lockout an account in this case? The user can't log in anyway, so what's the harm to let them try 1,000 times? (I personally hate sites that lock you out after 3 attempts. My satellite (Dish Network) does that with password protected (for kids) channels. If I'm in a hurry to switch channels and key in the wrong password 3x, it locks me out for 15 minutes. Who was the brainiac who thought up that time period. I missed 15 min. of the show by the time it released it.) Link to comment Share on other sites More sharing options...
aldaffodil Posted January 14, 2007 Author Share Posted January 14, 2007 Well believe me, I wouldn't do it if it wasn't a requirement for accepting credit cards. Isn't anyone else having to pass PCI compliance? I got a notice from my credit card company saying it was required if I was to accept visa/mc. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.