Hi Chamila, In current implementation of the locking account because of reaching max attempts, we are sending a mail, right ? What we expect from that mail ? Shall we add this unlock link within that mail too.
thanks *Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **[email protected]* <[email protected]>* cell: +94 71 5186770 * *twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* *harshathirimannlinked-in: **http: <http://lk.linkedin.com/in/afkhamazeez>**//www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 <http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122>* *Lean . Enterprise . Middleware* On Fri, Jun 17, 2016 at 11:53 AM, Isura Karunaratne <[email protected]> wrote: > Hi Harsha, > > On Fri, Jun 17, 2016 at 12:53 AM, Harsha Thirimanna <[email protected]> > wrote: > >> Hi All, >> >> Currently We are working on $subject. >> >> When user tries to login using invalid credential until reach the maximum >> attempts count, we lock the account for some specific time. After the time, >> we allow to user to try again and it will be locked again after user tries >> to login using invalid credential for the maximum attempts. Now we are >> going to increase the lock time than the previous time. This ratio would be >> a configurable value. >> > > If we are keeping increased the time, and if the lock time reaches like > 2hours, what is the possible ways to login the system without waiting that > much time. (Because the account may lock due to a hacker. Then if actual > user tries to login what is the possible ways to login him without waiting?) > > Once sugession would be ,confirm user through sendinag a mail to user's > mail address. Then he can click on the link and unlock the account. > > > Thanks > Isura. > > > >> As an another improvement when a registered user tries to login to the >> system without email confirmation, inform him verification is pending and >> give the ability to resend the confirmation code to the registered email >> address. >> >> Your comments and suggestions are highly appreciated. >> >> thanks >> >> *Harsha Thirimanna* >> Associate Tech Lead; WSO2, Inc.; http://wso2.com >> * <http://www.apache.org/>* >> *email: **[email protected]* <[email protected]>* cell: +94 71 5186770 * >> *twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* >> *harshathirimannlinked-in: **http: >> <http://lk.linkedin.com/in/afkhamazeez>**//www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 >> <http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122>* >> >> *Lean . Enterprise . Middleware* >> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Isura Dilhara Karunaratne > Senior Software Engineer > > Mob +94 772 254 810 > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
