hi chuck, if it became a problem, there are a couple of angles that could be used including what you mention. another idea would be to let users define an IP (or range) that logins to their account must come from, ignoring the rest.
possibly also let each account holder configure their own lockout protection parameters - # incorrect attempts til lockout, # minutes locked out, # incorrect attempts allowed after that til relockout. "real men" with the most random and lengthy of passphrases would just disable lockout protection on their accounts. another line of thought is to login via an identifier other than account number (so that bad guy can't pick out your particular account to hit). jay w. [EMAIL PROTECTED] --- You are currently subscribed to e-gold-tech as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
