Limiting user login attempts in PHP [duplicate]

by

I saw a creative approach to this once…

For each login attempt, that fails, the lockout time increases… exponentially.

attempt | lockout time
======================
   1    |     2s
   2    |     4s
   3    |     8s
   4    |    16s
   5    |    32s
   6    |    64s
   7    |   128s
   8    |   256s
   9    |   512s
  10    |  1024s

In theory, it lets user make a mistake or two, but as soon as it appears to become a “hacking” attempt, the hacker gets locked out for longer and longer time periods.

I haven’t used this myself (yet), but conceptually I quite like the idea. Of course on successful login, the counter is reset.

More Related Contents:

  1. Single Session Login in Laravel
  2. How Secure Is This Login System? (Using Cookies In PHP)
  3. What are the best practices for avoiding xss attacks in a PHP site [closed]
  4. When should I use prepared statements?
  5. “Keep Me Logged In” – the best approach
  6. Full Secure Image Upload Script
  7. How safe are PHP session variables?
  8. PHP Curl And Cookies
  9. Generating a random password in php
  10. Blocking comment spam without using captcha [closed]
  11. Preventing session hijacking
  12. Why is using a mysql prepared statement more secure than using the common escape functions?
  13. Are mysql_real_escape_string() and mysql_escape_string() sufficient for app security?
  14. how safe are PDO prepared statements
  15. “slash before every quote” problem [duplicate]
  16. How to create a laravel hashed password
  17. How to run PHP exec() as root?
  18. Hiding true database object ID in url’s
  19. Custom user authentication base on the response of an API call
  20. REST API Authorization & Authentication (web + mobile)
  21. Session hijacking and PHP
  22. CakePHP remember me with Auth
  23. Codeigniter CSRF – how does it work
  24. How validate unique email out of the user that is updating it in Laravel?
  25. Session timeouts in PHP: best practices
  26. Check if http request comes from my android app
  27. How to protect html form from spammers?
  28. If i use captcha will i be able to stop the spam completely in my blog?
  29. Improve password hashing with a random salt
  30. What is the best method to prevent a brute force attack? [closed]

Leave a Comment