Alternate_login module does not provide a security benefit
Responding to Lauramba's Using Alternate Login Module to Protect Your Site (she doesn't have comments enabled, so in addition to e-mailing through her contact form I'm posting here for posterity).
Hi Laura,
I agree with your post in theory, as in that approach would be a good idea, but alternate_login module doesn't do that– it still allows people to log in with the regular username, so it actually increases the chances people can guess a correct login.
"Note that users can still login with their normal username--this just adds the option of another login name. Also note that an alternate login name may not be equivalent to any other current alternate login name, nor any current username."
I do not understand the point of alternate_login without it doing what you say, but apparently it doesn't.
Configuring the site to use an alternate *display* name would instead be more effective, with the way it currently works.
benjamin
Comments
Post new comment