After a short irc discussion I've been noticed that a merge of the this module with login_security will provide a more feature riched module. Just would like to know what do you think about and how could we afford this situation.

Cheers,
ilo

Comments

EugenMayer’s picture

EugenMayer CreditAttribution: EugenMayer commented

I really think, both modules are trying to secure the same thing. And more important, both attempts are valueable and important.

Would be great to merge that both have something more powerful

lpalgarvio’s picture

lpalgarvio CreditAttribution: lpalgarvio commented

i agree, if if it doesn't take a year to so =P

ilo’s picture

ilo CreditAttribution: ilo commented

Secure login process is not a module, it is a topic:
- limit the ammount of login attempts (the purpose of this module)
- use SSL
- use strong credentials
- use a third authentication factor (otp)
- others..

If we start including them here, the list will grow and grow.. Next in the list will include using blacklists, controlling the session numbers, role based login bu url, and so on. The 'blaming' part here, is that all these 'funcionalities' already have a working module right now, and all of them had conflict with logintoboggan at some point of their development.

Imho this is out of the scope for this module, that just should focus on limit the ammout of login attempts, but I'd agree that a "feature" including all these security modules is indeed a great idea I was thinking about the last three or four months.

Anyone wants to take the lead on this 'security feature'? right now I'm a little bit busy.

erikwebb’s picture

erikwebb CreditAttribution: erikwebb commented
Status: Active » Closed (duplicate)

There are plenty of user login security-type modules. Password Policy provides a very specific and well-defined purpose on its own. It could easily be integrated into others, but that's a larger discussion to have with all similar modules at the same time, not cherry-picking individual modules that seem related.

Duplicate of #833188: Integrate functionality of defunct Password Expire module