Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By clkeenan on
I've had issues with an individual trying to hack into my drupal account. Are there any modules that exist that require you to answer a security question, after logging in with your correct username and password, before being completely logged in? That would provide an extra level of security so even if the person was able to get your password, they'd still need to know what your security question was.
Does that make sense?
Comments
=
If this is a private site for you alone (and maybe a handful of others) you could use the secure site module, which requires http authentication before a user can even get to the login page. You can apply the settings to the whole site (if you want to keep it invisible to the rest of the world) or to a single page (i.e. the login page).
PS: You also can ban the IP address with which the individual is associated.
Personally I don't think that
Personally I don't think that make more sense! Because if someone able to find your password maybe he can find this one. Some advice listed below give us more security:
- Make your machine protected form some keyloger and Trojan and do not log in form unsafe machine.
- Chose other username for admin when you install drupal (you can change it after installation also)
- Create a normal username for posting content and add to a user group only able to post content permission.
- Always chose strong password with more special character like (' " . , # ! / ^) etc.
- Install a captcha module for log in, it give us more safety against password finder robots.
I hope this advice helpful.
Banks requires security questions, but Drupal not yet
That type of security questions is a required feature for any banking system on the web and are often accompanied by some security image that any phishing page would fail to display.
Unfortunatly, Drupal does not provide a way yet to support that type of security questions/images. I guess a contrib module could do this, though. But I have not seen any that does that.
/*_*/
http://www.xmacinfo.com
Thanks everyone for the
Thanks everyone for the feedback. The site is a very public site getting a couple hundred thousand visitors a month so locking it down completely, wouldn't work.
The reason why security questions would be ideal is because you could configure a list of X questions and 2 of them would be asked at random and unless you knew the password and the security questions, you wouldnt be able to login.
-
Do you want to restrict access to the login page alone?
sandbox project
I was just asked about this type of functionality for a client project. After searching for hours, i decided to try and come up with a solution myself. I have written a module that accomplishes this type of functionality. I just uploaded it to my sandbox (http://drupal.org/sandbox/chertzog/1414168).
This is my first module, so take it easy on me. If there are issue, let me know and i will do my best to address them.
Thanks
Wow. Very cool. Do you plan
Wow. Very cool. Do you plan on taking this to full project status on Drupal.org?
Please see Handle text in a
Please see Handle text in a secure fashion.
Yes, its still a sandbox
Yes, its still a sandbox project, and i know i have quite a bit of clean up to do. Like i stated this is my first module contribution to d.o so it's a learning experience.
Yes i do plan to make it a full project. I wanted to get a couple testers to give it a once over, and address any major issues first.
If you would like to help, i will glady take any contributions for ideas for making this project better.
Thanks!
chertzog
I simply pointed you to a
I simply pointed you to a resource to help you. No need to apologize for defects.
Thanks. I have already
Thanks.
I have already commited fixes most of the text strings.
Security Questions
I have finally gotten my module to a fully functioning state, and through the project application. The project is now available (http://drupal.org/project/security_questions). I have some ideas for future development, as well as being open to others.
Looks like you need to create
Looks like you need to create a "release" for it (unless you want everyone to use a Git clone command to get it). It looks like an interesting module for heightened security and could be especially helpful for sites with a greater-than-average need to reduce the threat of account hacks.
See you at the Drupalcon!
I did. It just got promoted
I did. It just got promoted to full project a couple hours ago. The drupal packaging process only runs twice per day. so it may be a couple hours yet until it shows on the page.
Okay. :-)
If you've created a release and it's just not showing up yet, I understand. Just thought I'd make sure you hadn't missed that step. :-)
See you at the Drupalcon!
Dev shot has finally been
Dev shot has finally been created.