Another option would be to add 2-factor authentication using TOTP.
(Time based One Time Passwords).
Users could use either Google Authenticator or Microsoft's
Here is a link to some php code to implement it.
http://pablophg.net/2013/06/11/google-authenticator/
On Sun, Mar 9, 2014 at 5:19 PM, Chris <chris(a)g1fef.co.uk> wrote:
Over the past few weeks, the portal has been subject to several brute force attacks on
random usernames. In the past few days some accounts have been compromised because they
used weak passwords. The attackers didn't do anything with any of the compromised
accounts, it was most likely a script collecting valid usernames & passwords for later
use.
As a result I have tightened up security and some accounts will tell you that you need to
verify your email address when you try to login. Please follow the link to have the
verification email sent to you, then follow the instructions in the email when you receive
it.
Due to the enhanced security you will notice a CAPTCHA appears if you get your password
wrong a few times, if you continually get your password wrong, the response time for the
login process will get longer - this is intentional.
It would help greatly if you could use a strong password, one that is at least 12
characters in length and contains a mixture of letters, numbers and punctuation
characters, no "real" words and no "numbers instead of letters", e.g.
"numb3r".
Thanks,
Chris
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
--
Neil Johnson
http://erudicon.com
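
The TOTP check suggested in the reply above, as an added example that is not code from the thread, the linked page or the portal: RFC 6238 verification in PHP with the Google Authenticator defaults (HMAC-SHA1, 30-second step, 6 digits), a one-step clock-drift window and replay rejection. The function names are hypothetical, the secret is the RFC 6238 test secret, and 64-bit PHP 7 or later is assumed.

```php
<?php
// Added example (not the portal's code): RFC 6238 TOTP verification.
// Function names are hypothetical; defaults match Google Authenticator.

function base32_decode_secret(string $b32): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $v = strpos($alphabet, $ch);
        if ($v === false) throw new InvalidArgumentException('invalid base32');
        $bits .= str_pad(decbin($v), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) $out .= chr(bindec($byte)); // drop partial byte
    }
    return $out;
}

function totp_code(string $key, int $counter, int $digits = 6): string {
    // 8-byte big-endian counter, HMAC-SHA1, dynamic truncation (RFC 4226)
    $hmac = hash_hmac('sha1', pack('J', $counter), $key, true);
    $off  = ord($hmac[19]) & 0x0f;
    $bin  = unpack('N', substr($hmac, $off, 4))[1] & 0x7fffffff;
    return str_pad((string)($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Returns the matched time-step counter, or null on failure. Store the result
// per user and pass it back as $lastUsed so a code cannot be replayed.
function totp_verify(string $key, string $submitted, int $now,
                     int $lastUsed = 0, int $window = 1, int $step = 30): ?int {
    $current = intdiv($now, $step);
    $match = null;
    for ($c = $current - $window; $c <= $current + $window; $c++) {
        // hash_equals compares in constant time; keep looping after a match
        if ($c > $lastUsed && hash_equals(totp_code($key, $c), $submitted)) {
            $match = $c;
        }
    }
    return $match;
}

// Constructed check using the RFC 6238 Appendix B SHA-1 test secret.
$key = base32_decode_secret('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');
var_dump(totp_code($key, intdiv(59, 30), 8) === '94287082'); // RFC test vector
$used = totp_verify($key, '287082', 59);                     // accepted, step 1
var_dump($used === 1, totp_verify($key, '287082', 59, $used) === null);
```

The second factor does not replace the CAPTCHA and login delay described in the original message: a 6-digit code is itself guessable, so failed TOTP attempts need the same rate limiting as failed passwords.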