User login

Home
 Alternate_login module does not provide a security benefit

Alternate_login module does not provide a security benefit

Submitted by Benjamin Melançon on October 2, 2008 - 6:57pm
in

Responding to Lauramba's Using Alternate Login Module to Protect Your Site (she doesn't have comments enabled, so in addition to e-mailing through her contact form I'm posting here for posterity).

Hi Laura,

I agree with your post in theory, as in that approach would be a good idea, but alternate_login module doesn't do that– it still allows people to log in with the regular username, so it actually increases the chances people can guess a correct login.

"Note that users can still login with their normal username--this just adds the option of another login name. Also note that an alternate login name may not be equivalent to any other current alternate login name, nor any current username."

I do not understand the point of alternate_login without it doing what you say, but apparently it doesn't.

Configuring the site to use an alternate *display* name would instead be more effective, with the way it currently works.

benjamin

Resolution

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.
  • You can use Markdown syntax to format and style the text. Also see Markdown Extra for tables, footnotes, and more.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <blockquote> <small> <h2> <h3> <h4> <h5> <h6> <sub> <sup> <p> <br> <strike> <table> <tr> <td> <thead> <th> <tbody> <tt> <output>
  • Lines and paragraphs break automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.