WebAppSec/MozSecureWorld: Difference between revisions

== Security Components & Controls ==
=== Authentication ===
* Brute force prevention via adaptive CAPTCHA: track failed logins both by IP address (an attacker at one IP trying "password" against every user account) and by user account (e.g. Joe has 3 failed logins)
* Password storage via bcrypt (fred wenzel) and system nonce
* Account creation with blacklisted password support
* (Possible) Secure Password Reset  
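The two-axis failed-login tracking behind the adaptive CAPTCHA item, as an added illustration rather than code from the MozSecureWorld project: failures are counted per source IP (catches one IP spraying a password across many accounts) and per account (catches one account being hammered from any number of IPs), and a CAPTCHA is required when either counter crosses its threshold within a sliding window. The window length, thresholds and the RFC 5737 sample addresses are assumptions chosen for the example.

```python
from collections import defaultdict, deque


class FailedLoginTracker:
    """Track failed logins by IP and by account inside a sliding window.

    Either axis alone can trigger the CAPTCHA: a password-spraying IP never
    trips a per-account counter, and a distributed attack on one account
    never trips a per-IP counter, so both must be checked.
    Thresholds and window are assumed values for this example.
    """

    def __init__(self, window_seconds=600, ip_threshold=10, account_threshold=3):
        self.window_seconds = window_seconds
        self.ip_threshold = ip_threshold
        self.account_threshold = account_threshold
        self._by_ip = defaultdict(deque)       # ip -> timestamps of failures
        self._by_account = defaultdict(deque)  # account -> timestamps of failures

    def _recent(self, queue, now):
        # Drop failures that have aged out of the window, then return the count.
        while queue and queue[0] <= now - self.window_seconds:
            queue.popleft()
        return len(queue)

    def record_failure(self, ip, account, now):
        """Call after a login attempt with wrong credentials."""
        self._by_ip[ip].append(now)
        self._by_account[account].append(now)

    def record_success(self, account):
        """A successful login resets the account counter only; the IP counter
        stays, because the same IP may still be spraying other accounts."""
        self._by_account.pop(account, None)

    def captcha_required(self, ip, account, now):
        """Decide, before processing a login, whether to demand a CAPTCHA."""
        ip_hits = self._recent(self._by_ip[ip], now)
        account_hits = self._recent(self._by_account[account], now)
        return ip_hits >= self.ip_threshold or account_hits >= self.account_threshold


if __name__ == "__main__":
    # Constructed scenario: one IP tries "password" against ten accounts.
    tracker = FailedLoginTracker()
    for i in range(10):
        tracker.record_failure("203.0.113.5", f"user{i}", now=100 + i)
    print("spraying IP challenged:", tracker.captcha_required("203.0.113.5", "user99", now=110))
```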