Security Patterns Repository


all | design | requirement | architectural | implementation | procedural

Account Lockout

(source: KETEH01)


Passwords are the only approach to remote user authentication that has gained widespread user acceptance. However, password- guessing attacks have proven to be very successful at discovering poorly chosen, weak passwords. Worse, the Web environment lends itself to high-speed, anonymous guessing attacks. Account lockout protects customer accounts from automated password-guessing attacks, by implementing a limit on incorrect password attempts before further attempts are disallowed.

Pattern Type