I would be very interested in ...

Prevent brute force attacks: Have a maximum of three tries to login with a password, before locking the user's IP out for 30 minutes.

People with insecure passwords can be easily broken into, by people with too much time on their hands... ie, brute force method. This should be pretty easy to implement. Just time out the login page. People's boudoir photographs should not be easy to hack into.

141 votes
Vote
Sign in Sign in with Zenfolio
Signed in as (Sign out)
You have left! (?) (thinking…)
Nadine Photography shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
completed  ·  AdminZenAdmin (Supervisor, Zenfolio) responded  · 

To enhance the security of your password-protected galleries, our system will now detect too many failed password attempts and lock the user out of the gallery for a period of time. They will be advised to contact the photographer for the correct password, and you will receive an email alert when a lockout occurs on your site

15 comments

Sign in Sign in with Zenfolio
Signed in as (Sign out)
Submitting...
  • Steve commented  ·   ·  Flag as inappropriate

    I hate this feature. Not that it's a bad idea, but the way it is implemented.

    I was testing a new gallery and got locked out of it. The frustrating part is that neither I or Zenfolio support were able to unlock the gallery. Also, I received a message that told me the gallery would be locked for some period of time, but didn't tell me how long.

    This is ridiculous. Just because a lot of sites lock you out after three attempts, doesn't make it right. This limitation encourages people to create weak passwords, since it's too easy to make a mistake with a more complex password and get locked out.

    It's easier to unlock my on-line bank account then it is to unlock one of my own galleries on Zenfolio. Let the photographer unlock their own galleries; decide how many attempts they consider acceptable or disable this feature all together, should they choose.

    I appreciate a lot of things that Zenfolio does and they do a lot of things right, but I don't need them to be my nanny.

  • Anonymous commented  ·   ·  Flag as inappropriate

    As the owner of 2 zenfolio sites and renewals coming up soon I'm requesting this be an added feature.

  • Pixntxt commented  ·   ·  Flag as inappropriate

    This shouldn't even be up for debate. All secure sites have this feature.

  • Treasured Memories Photography commented  ·   ·  Flag as inappropriate

    I would love to see this as an added security setting! It would also be helpful if we were notified when a password has failed on the 2nd try. This would allow us to contact the customer to make sure that they do not need assistance with their password or remove the file completely.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This timeout feature (or a gallery lock down feature requiring the site administrator to reopen the gallery). Or a timeout feature in addition to a notification sent to the site administrator.

Feedback and Knowledge Base