Brute force - login solution
-
here is a possible solution to integrate into the login
http://www.phonefactor.com it is free and basically once the username and password is authenticated it will send a phone call to you and ask you to hit the pound sign. Obviously if you are not trying to login and you get a phone call then you know someone has a username and password and they will not be able to get in without you hitting the pound sign on the phone.
what do you think?
-
Commercial software, not BSD licensed so no. I don't see this happening ever, assuming there was even a FreeBSD port.
-
@submicron:
Commercial software, not BSD licensed so no. I don't see this happening ever, assuming there was even a FreeBSD port.
I was just giving it as an option. The software issue is there is none. If you look they have some sample code for a php script to get it to work with there systems.
But I do understand the licensing. The free version is there for anyone who wants to use it.
-
But free doesn't mean that it can be used in an open source project. There's a world of difference between free, GPL<versionx>, BSD, MPL, etc.
Plus, frankly, if you switched to using key only logins, it wouldn't be a problem as the attacker would need both your private key and your passphrase.</versionx>