Multiple Login Attempts


aldaffodil

Hello. Does anyone know how to lock accounts after multiple failed login attempts? This is a requirement for PCI compliance, so I'm sure I'm not the only one that needs to do this. I looked through the contributions and couldn't find anything. Has anyone already modified their site to do this?

Thanks in advance!


Not sure if a contribution exists, but you could do it by setting up an extra field for the customers_info table to record the number of consecutive failed logon attempts. Then you add a control field under the osc admin customers script to switch accounts on/off, and for the front end you need to modify the login page to keep track of the failed attempts and reset the fields accordingly, as well as to display an error page or string.

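One way to implement the counter and admin switch described in the reply above, as an added example that is not part of the original thread and is not osCommerce code. The `failed_logons` and `account_locked` columns, the limit of 6, the function names and the reduced two-table schema are all assumptions made for the sketch; it runs against an in-memory SQLite database with constructed data.

```php
<?php
// Added example, not osCommerce code. The failed_logons and account_locked columns
// and the MAX_FAILED_LOGONS value are assumptions made for this sketch.
const MAX_FAILED_LOGONS = 6;

function attempt_login(PDO $db, string $email, string $password): string {
    $q = $db->prepare('SELECT c.customers_id AS id, c.customers_password AS hash,
                              i.account_locked
                       FROM customers c JOIN customers_info i
                         ON i.customers_info_id = c.customers_id
                       WHERE c.customers_email_address = ?');
    $q->execute([$email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { return 'invalid'; }   // same answer as a wrong password
    if ((int) $row['account_locked'] === 1) { return 'locked'; } // before the password check
    if (password_verify($password, $row['hash'])) { // stand-in for the store's own check
        $db->prepare('UPDATE customers_info SET failed_logons = 0
                      WHERE customers_info_id = ?')->execute([$row['id']]);
        return 'ok';
    }
    // One statement counts and locks. account_locked is assigned first because MySQL
    // evaluates SET left to right; the limit is an integer constant, not user input.
    $db->prepare('UPDATE customers_info SET
                    account_locked = CASE WHEN failed_logons + 1 >= ' . MAX_FAILED_LOGONS . '
                                     THEN 1 ELSE 0 END,
                    failed_logons = failed_logons + 1
                  WHERE customers_info_id = ?')->execute([$row['id']]);
    return 'invalid';
}

function admin_unlock(PDO $db, int $customerId): void { // the admin on/off control
    $db->prepare('UPDATE customers_info SET failed_logons = 0, account_locked = 0
                  WHERE customers_info_id = ?')->execute([$customerId]);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE customers (customers_id INTEGER PRIMARY KEY,
             customers_email_address TEXT, customers_password TEXT)');
$db->exec('CREATE TABLE customers_info (customers_info_id INTEGER PRIMARY KEY,
             failed_logons INTEGER DEFAULT 0, account_locked INTEGER DEFAULT 0)');
$db->prepare('INSERT INTO customers VALUES (1, ?, ?)')
   ->execute(['shopper@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
$db->exec('INSERT INTO customers_info (customers_info_id) VALUES (1)');
for ($i = 1; $i <= MAX_FAILED_LOGONS; $i++) {
    echo "try $i: ", attempt_login($db, 'shopper@example.com', 'wrong guess'), "\n";
}
echo attempt_login($db, 'shopper@example.com', 'correct horse'), "\n";
admin_unlock($db, 1);
echo attempt_login($db, 'shopper@example.com', 'correct horse'), "\n";
```

Once the limit is reached, even the correct password is refused until `admin_unlock()` resets the row, which is the behaviour the lockout is meant to enforce.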

If the account gets locked for multiple failed login attempts, how would it be unlocked? Timeout (1 hr., etc.) or Admin release?

What benefit does it serve to lock out an account in this case? The user can't log in anyway, so what's the harm to let them try 1,000 times?

(I personally hate sites that lock you out after 3 attempts. My satellite (Dish Network) does that with password-protected (for kids) channels. If I'm in a hurry to switch channels and key in the wrong password 3x, it locks me out for 15 minutes. Who was the brainiac who thought up that time period? I missed 15 min. of the show by the time it released it.)


Well, believe me, I wouldn't do it if it wasn't a requirement for accepting credit cards. Isn't anyone else having to pass PCI compliance? I got a notice from my credit card company saying it was required if I was to accept Visa/MC.


Archived

This topic is now archived and is closed to further replies.
