WebApp Sec mailing list archives

RE: Summary: Growing Bad Practice with Login Forms


From: "Mike Peppard" <mpeppard () impole com>
Date: Fri, 30 Jul 2004 10:27:43 -0400


-----Original Message-----
From: David Wall @ Yozons, Inc. [mailto:dwall () yozons com] 
Sent: Thursday, July 29, 2004 6:45 PM
To: webappsec () lists securityfocus com
Subject: Re: Summary: Growing Bad Practice with Login Forms

Anyway, your idea is out there already.

Both my bank and the stock trading company I use claim to use
"The best minds in the security industry" <quoted from my bank's
security page>, and neither has used simple logic to evaluate
the implied assumptions of their login process. One wrong implied
assumption can be disastrous, but two or more can also give false
reassurance and be used in conjunction against you to deceive.

The thought of a password and "pass phrase" is a good beginning.
