10-02-2017, 06:08 PM
I don't mind this feature as long as some password strength enforcement is involved. If you base your password strength on how long it takes to crack instead of the typical required capitals, numbers, and special characters, even with a known username the password will still take a long time to brute force. Combine this with limited login attempts allowed within a set time period and the risk of brute force entry will be drastically diminished.
There are plenty of topics on these with a quick Google search, but here are a few links to get you started:
Brute Force Block class- very simple to implement
Password Entropy Check- much more secure than the Javascript alternative
jQuery + Ajax Tutorial- a long but easy to learn tutorial on jQuery+Ajax basics. There's so much more you can do but this should get you going, and you're always able to enhance your script once you've gained a bit more jQuery experience
There are plenty of topics on these with a quick Google search, but here are a few links to get you started:
Brute Force Block class- very simple to implement
Password Entropy Check- much more secure than the Javascript alternative
jQuery + Ajax Tutorial- a long but easy to learn tutorial on jQuery+Ajax basics. There's so much more you can do but this should get you going, and you're always able to enhance your script once you've gained a bit more jQuery experience