October 21, 2009

Security: Monitoring Your Geographical Log-in Location

When eliciting software requirements for the student project, I found the draft of the OWASP guidelines for identification and authorization here. One item in the list caught my attention:

1.15 Concurrently, the system should perform velocity checking against the IP address of the last known valid log-in from that user so as to ensure the user is logging in from an IP address range originating from within that country of origin. It would not be feasible to expect a user logging in from one geographic location and then from another within a specified amount of time, e.g., correct credentials supplied from a user originating from the United Kingdom at GMT 10:00Hrs and a second log-in attempt from a user in Venezuela at GMT 10:27Hrs.
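To make the guideline concrete, here is an added example (not code from the original post or from the OWASP draft) of such a velocity check: geolocate the previous and the current log-in IP, compute the great-circle distance between them, divide by the elapsed time, and refuse to believe a speed no traveller could reach. The IP-to-location table, the 1000 km/h threshold and the log-in events are constructed assumptions; a real deployment would query a GeoIP provider and set the threshold by policy. It generalizes the quoted UK/Venezuela case slightly by computing the speed for every pair of log-ins, not only when the country changes.

```python
"""Impossible-travel ("velocity") check on successive log-ins for one account.

Added example, not part of the original post or of the OWASP draft. The IP
geolocation table and the log-in events below are constructed sample data.
"""
import math
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple

# Constructed stand-in for a GeoIP database: ip -> (country, latitude, longitude).
# Assumption: a real deployment queries a geolocation provider here instead.
GEO_TABLE = {
    "81.2.69.142": ("GB", 51.5074, -0.1278),    # London
    "81.2.69.160": ("GB", 52.4862, -1.8904),    # Birmingham
    "190.73.12.5": ("VE", 10.4806, -66.9036),   # Caracas
}

# Fastest travel we are willing to believe, in km/h (roughly airliner cruising
# speed). This threshold is a policy choice, not a figure from the OWASP text.
MAX_PLAUSIBLE_KMH = 1000.0
EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class LoginEvent:
    user: str
    ip: str
    when: datetime  # must be timezone-aware; compare everything in UTC


def geolocate(ip: str) -> Optional[Tuple[str, float, float]]:
    """Country code and coordinates for an IP, or None if the IP is unknown."""
    return GEO_TABLE.get(ip)


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points on the Earth, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def velocity_check(prev: LoginEvent, curr: LoginEvent,
                   max_kmh: float = MAX_PLAUSIBLE_KMH) -> Tuple[str, str]:
    """Compare a new log-in against the last known valid one for the same user.

    Returns (verdict, reason). verdict is "allow" when the implied travel speed
    is plausible, or "step_up" when the location cannot be determined or the
    speed exceeds max_kmh. "step_up" means: demand a second factor, do not
    simply reject, because IP geolocation is imprecise (VPNs, mobile carriers).
    """
    if prev.user != curr.user:
        raise ValueError("events belong to different users")
    if curr.when <= prev.when:
        raise ValueError("current log-in is not after the previous log-in")
    here, there = geolocate(prev.ip), geolocate(curr.ip)
    if here is None or there is None:
        return "step_up", "location of at least one IP is unknown"
    km = haversine_km(here[1], here[2], there[1], there[2])
    hours = (curr.when - prev.when).total_seconds() / 3600.0  # > 0 by the check above
    kmh = km / hours
    detail = f"{here[0]}->{there[0]}: {km:.0f} km in {hours * 60:.0f} min ({kmh:.0f} km/h)"
    if kmh > max_kmh:
        return "step_up", "implausible travel speed, " + detail
    return "allow", "plausible travel speed, " + detail


def demo() -> Dict[str, Tuple[str, str]]:
    """Run the quoted UK 10:00 / Venezuela 10:27 scenario plus two contrasts."""
    t0 = datetime(2009, 10, 21, 10, 0, tzinfo=timezone.utc)
    t1 = datetime(2009, 10, 21, 10, 27, tzinfo=timezone.utc)
    prev = LoginEvent("alice", "81.2.69.142", t0)             # London, 10:00 GMT
    return {
        "caracas": velocity_check(prev, LoginEvent("alice", "190.73.12.5", t1)),
        "birmingham": velocity_check(prev, LoginEvent("alice", "81.2.69.160", t1)),
        "unknown": velocity_check(prev, LoginEvent("alice", "203.0.113.7", t1)),
    }


if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{name:10s} {verdict:8s} {reason}")
```

London to Caracas is roughly 7,500 km, so two valid log-ins 27 minutes apart imply about 16,000 km/h and the second one is sent to step-up verification; London to Birmingham in the same window is about 360 km/h, which is fast but within the threshold. Two operational caveats: the timestamps must come from a single clock in UTC (the GMT times in the OWASP example are not incidental), and an unknown or anycast IP should fall through to step-up rather than to a silent allow.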


Earlier I had seen that Facebook performs a similar validation. When you log in from a different location, Facebook presents the following verification screen:



However, there might be a problem with Facebook's approach: the verification relies on the account holder's birthday, and a birthday is often not difficult to discover (try a Google search for your own birthday; chances are you will be impressed ;). A knowledge-based question whose answer is public adds little over the password it is meant to back up.




http://www.linkedin.com/in/oldbam

1 comment:

Rostik Slipetskyy said...

Basically the same story was written on the F-Secure blog here: http://www.f-secure.com/weblog/archives/00001831.html