Password Sharing Prevention (Password Sentry, Strongbox, etc)
 

Hey All,

Anyone have any experience using Password Sharing, Brute force prevention software like these:

password-sentry.com
bettercgi.com/strongbox


What do you recommend for this? What do you guys use to prevent password abuse on your sites?

I might be biased, but I'd recommend Password Sentry ;) If you have any questions, feel free to ask them.

Look like your replied to your own thread :1orglaugh:1orglaugh:1orglaugh

nice way of spamming :thumbsup

Nope. I discovered that thread while Googling "password sentry". Found on page 33 of 36. Something I routinely do looking for things like that. I'm sure a moderator can check and compare my IP with the original poster's IP. As a matter of fact, I would like to request a mod to do that, and report back.

This was Google search result link:

https://www.google.ca/url?sa=t&rct=j...98717601,d.cGU

which I discovered here:

https://www.google.ca/?gws_rd=ssl#q=...ntry&start=320

Lots of opinions in my recent thread about it here Strongbox error message - GoFuckYourself.com - Adult Webmaster Forum

Phantom Frog
 

Before you decide, take a look at PhantomFrog.com

Phantom Frog in my opinion is the best password protection you can have for a pay site. I've tried most over the last 15 years but have been very happy for the last 7 years with Phantom Frog.

For bruteforce you can do a few things. First you should never save raw password to your database but rather save encrypted password using bcrypt or similar.

Then you can limit login tries. Either on the server side using fail2ban and blacklist ips after failed login attempts. Or by locking an account until the user is able to validate using another method of your choice.