How to detect misuse of a valid password

Question

How to detect misuse of a valid password

I am starting to evaluate a project in which I feel that security needs are a little closer to home. What tools and methods could I look to try to raise an alarm when a valid login is used, but the account holder gave it or stole it. I would prefer ASP.NET and then MVC 3, oriented material.

+3

security authentication asp.net

Profk Mar 09 '11 at 19:07

source share

5 answers

, ... , IP- . IP- , , , . , ( ) , IP- .

+1

Brilliand 09 . '11 19:16

(Chase) , cookie /. cookie , , , , . , cookie, .

+1

John Bledsoe 09 . '11 19:31

, , , .

0

vittore 09 . '11 19:22

, , , . , , . , , SSL

. , , 4 .
, : , , . . .
, IP- cookie . , . .

, 2 , .

, .

, SMS, , , , .

0

Enull 09 . '11 19:58

Chris allen lane · Accepted Answer · 2011-03-09T19:25:13+0000

This is not a silver bullet, but maybe you should consider using two-factor authentication. For example: when a user creates an account, you require that she provide you with a phone number where she can receive text messages as part of the registration process. Then, when she tries to log in, you give her a temporary authentication code that will be used in combination with her username and password.

This declares an additional level of security for the system, since an attacker must know his username and password and have physical access to his cell phone in order to compromise his account.

Hope this is helpful.

How to detect misuse of a valid password

More articles: