Meredith Noble wrote:
> Hi folks,
> Does anyone know where I could find a list of best practices around
> login security? I'm looking for an overview of the most common
> techniques and how they relate to both security and user experience --
> pros and cons.

Putting on my professional security hat for a moment, I don't think
there is a general set of security best practices. There are specific
sets of best practices depending on what your general security
requirements are, but it's difficult to state a set of general best
practices that aren't so vague as to be useless. (ex: "Be functional",
"don't annoy the user", etc.)

Ask yourself: what is the value of what you're protecting? What is the
cost of a breach and who absorbs the cost? How often do you need to
authenticate and under what circumstances? Who are the potential
attackers and what resources do they have?

If you don't have one in-house or if the client doesn't have one, I
suggest you find a good security consultant and get a set of security
requirements and start from there.

--
jet / KG6ZVQ
http://www.flatline.net
pgp: 0xD0D8C2E8 AC9B 0A23 C61A 1B4A 27C5 F799 A681 3C11 D0D8 C2E8