Destroy All Login Data on Login Fails

dave shared this idea 5 years ago
Open Discussion

As a System Administrator, I would like for the functionality to be added where login input data is destroyed on Login Failure because clearing the login and password fields after a failed attempt helps prevent security risks where someone could log in without entering a password.


============

Issue - When a login attempt fails due to an incorrect username, the password data value is still valid on login re-attempts. Once the username is corrected, then one can just log in without having to re-enter the password, which fundamentally works against security.

Solution - Simply destroy all login input data on Login Fails. Nothing should be saved or kept in cache regarding login "before" being logged in. So if a login fail happens, then there should not be any username or password data remaining in the login field values; it should be cleared.
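
The request above, expressed as a check an administrator could run against the page returned after a failed login; this is an added example, not part of the original post or of the product's code. The function names, sample markup and credentials are constructed, and reading "kept in cache" as a missing `Cache-Control: no-store` header is an assumption.

```javascript
// Added example: audit the page returned after a FAILED login for retained
// login data. Function names and sample responses are constructed/hypothetical.

// Collect the attributes of every <input> tag in an HTML string.
function parseInputs(html) {
  return (html.match(/<input\b[^>]*>/gi) || []).map((tag) => {
    const attrs = {};
    const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
    for (const m of tag.matchAll(re)) {
      attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
    }
    return attrs;
  });
}

// Return a list of findings; an empty list means nothing was retained.
function auditFailedLoginResponse(response, submitted) {
  const findings = [];
  for (const input of parseInputs(response.body)) {
    const type = (input.type || "text").toLowerCase();
    const value = input.value || "";
    if (type === "password" && value !== "") {
      findings.push("password field is pre-filled");
    } else if (value !== "" && value === submitted.username) {
      findings.push("username field is pre-filled");
    }
  }
  // The secret must not be echoed anywhere else either (hidden field, script).
  if (response.body.includes(submitted.password)) {
    findings.push("submitted password appears in response body");
  }
  // Assumption: "kept in cache" is checked via the Cache-Control header.
  const cc = (response.headers["cache-control"] || "").toLowerCase();
  if (!cc.includes("no-store")) findings.push("response is cacheable");
  return findings;
}

// Constructed sample: mistyped username, correct (made-up) password.
const submitted = { username: "dvae", password: "Constructed-Passw0rd" };
const form = (user, pass) =>
  `<form method="post"><input type="text" name="user" value="${user}">` +
  `<input type="password" name="pass" value="${pass}"><p>Login failed</p></form>`;
const retaining = { headers: {}, body: form(submitted.username, submitted.password) };
const cleared = { headers: { "cache-control": "no-store" }, body: form("", "") };

console.log(auditFailedLoginResponse(retaining, submitted)); // four findings
console.log(auditFailedLoginResponse(cleared, submitted)); // []
```

The comparison is on raw strings, so a password containing characters the server HTML-escapes would need to be matched in its escaped form as well.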
