Prevent brute force attacks: Have a maximum of three tries to login with a password, before locking the user's IP out for 30 minutes.
People with insecure passwords can be easily broken into, by people with too much time on their hands... i.e., brute force method. This should be pretty easy to implement. Just time out the login page. People's boudoir photographs should not be easy to hack into.
To enhance the security of your password-protected galleries, our system will now detect too many failed password attempts and lock the user out of the gallery for a period of time. They will be advised to contact the photographer for the correct password, and you will receive an email alert when a lockout occurs on your site.
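The lockout described above, sketched as an added example that is not part of the original thread and is not Zenfolio's code: three failed tries from one IP lock that IP out of the gallery for 30 minutes and trigger an owner alert. The class name, the `alert` callback and the in-memory dictionaries are assumptions made for illustration.

```python
import hmac
import time

MAX_TRIES = 3            # from the request: three tries
LOCK_SECONDS = 30 * 60   # from the request: 30 minutes


class GalleryLockout:
    """Tracks failed password attempts per (gallery, client IP). Hypothetical helper."""

    def __init__(self, alert, clock=time.monotonic):
        self.alert = alert        # callable(gallery_id, ip), e.g. emails the photographer
        self.clock = clock        # injectable so the lock window can be tested
        self.failures = {}        # (gallery_id, ip) -> consecutive failed tries
        self.locked_until = {}    # (gallery_id, ip) -> clock value when the lock expires

    def seconds_locked(self, gallery_id, ip):
        """Remaining lock time in seconds, 0 when the IP is not locked out."""
        key = (gallery_id, ip)
        remaining = self.locked_until.get(key, 0) - self.clock()
        if remaining <= 0:
            self.locked_until.pop(key, None)   # lock expired, forget it
            return 0
        return remaining

    def try_password(self, gallery_id, ip, supplied, expected):
        """Return 'ok', 'wrong' or 'locked'."""
        key = (gallery_id, ip)
        if self.seconds_locked(gallery_id, ip) > 0:
            return "locked"       # refuse before looking at the password at all
        # Plain-text comparison keeps the example short; a real site would
        # compare against a stored password hash instead.
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            self.failures.pop(key, None)       # success resets the counter
            return "ok"
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= MAX_TRIES:
            self.failures.pop(key, None)
            self.locked_until[key] = self.clock() + LOCK_SECONDS
            self.alert(gallery_id, ip)         # one alert per lockout
            return "locked"
        return "wrong"
```

Because the lock is checked first, a correct password from a locked-out IP is still refused until the 30 minutes pass, while other IPs can keep using the gallery.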
LightRain Images Photography commented
This feature should be an OPTION ONLY, not a default! When I start posting top secret info, I'll choose the lockout feature.
I hate this feature. Not that it's a bad idea, but the way it is implemented.
I was testing a new gallery and got locked out of it. The frustrating part is that neither I nor Zenfolio support were able to unlock the gallery. Also, I received a message that told me the gallery would be locked for some period of time, but didn't tell me how long.
This is ridiculous. Just because a lot of sites lock you out after three attempts, doesn't make it right. This limitation encourages people to create weak passwords, since it's too easy to make a mistake with a more complex password and get locked out.
It's easier to unlock my on-line bank account than it is to unlock one of my own galleries on Zenfolio. Let the photographer unlock their own galleries; decide how many attempts they consider acceptable or disable this feature altogether, should they choose.
I appreciate a lot of things that Zenfolio does and they do a lot of things right, but I don't need them to be my nanny.
Shyann Laurel Photography commented
I agree.. Please implement asap!!
This would be a nice feature to implement. Thanks.
As the owner of 2 Zenfolio sites and renewals coming up soon I'm requesting this be an added feature.
Pinky Promise Photography commented
This would have prevented the people who tried over and over again to sign into our private galleries.
Absolutely no reason whatsoever not to add this feature.
This shouldn't even be up for debate. All secure sites have this feature.
If there's a problem, fix it! This might help.
This would be a great feature!!
Absolutely - no question.
Absolutely a necessary function!!
Treasured Memories Photography commented
I would love to see this as an added security setting! It would also be helpful if we were notified when a password has failed on the 2nd try. This would allow us to contact the customer to make sure that they do not need assistance with their password or remove the file completely.
This timeout feature (or a gallery lock down feature requiring the site administrator to reopen the gallery). Or a timeout feature in addition to a notification sent to the site administrator.
This should be a MUST!!