Brute force - login solution



  • here is a possible solution to integrate into the login

    http://www.phonefactor.com it is free and basically once the username and password is authenticated it will send a phone call to you and ask you to hit the pound sign.  Obviously if you are not trying to login and you get a phone call then you know someone has a username and password and they will not be able to get in without you hitting the pound sign on the phone.

    what do you think?



  • Commercial software, not BSD licensed so no.  I don't see this happening ever, assuming there was even a FreeBSD port.



  • @submicron:

    Commercial software, not BSD licensed so no.  I don't see this happening ever, assuming there was even a FreeBSD port.

    I was just giving it as an option.  The software issue is there is none.  If you look they have some sample code for a php script to get it to work with there systems.

    But I do understand the licensing.  The free version is there for anyone who wants to use it.



  • But free doesn't mean that it can be used in an open source project.  There's a world of difference between free, GPL<versionx>, BSD, MPL, etc.

    Plus, frankly, if you switched to using key only logins, it wouldn't be a problem as the attacker would need both your private key and your passphrase.</versionx>


Log in to reply