For service providers providing network application services, the network services provided by them are all presented through the server. There is an essential link for data management and use on the server: the login link. The login process is that the login person enters the user name and password, and the server confirms the login person's identity by comparing the user name and password entered by the login person.
The biggest drawback of this authentication method is that once the user name and password are stolen by others (now there are thousands of ways to steal user names and passwords), the consequences can be imagined.
Theft and theft have been fighting for many years, and theft seems to have never had the upper hand. How to make the anti-theft take the lead in the battle between theft and anti-theft?
Ideas determine the way out. Since the anti-theft cannot be effectively prevented, then give up anti-theft! There are thousands of means of stealing, and the purpose of stealing is one: embezzlement. As long as the misappropriation can be effectively blocked, the consequences of misappropriation can be avoided.
Here are a few methods that can effectively reduce the probability of successful use of stolen usernames and passwords.
method 1:
time limit law.
The specific measure is that the legal owner of the user name and password sets a valid time window for the user name and password on the server.
After the server receives the user name and password for login, in addition to determining whether the user name and password are correct, it also needs to determine whether the time of receiving the user name and password falls within the valid time window.
Method 2:
Geographical Restriction Act.
The specific measure is that the legal owner of the user name and password sets the valid geographical location of the user name and password on the server.
After the server receives the user name and password for login, in addition to determining whether the user name and password are correct, it also needs to determine whether the geographical location of the terminal sending the user name and password falls within the valid geographical location.
Method 3:
Special ID Restriction Act.
The specific measure is that the legal owner of the user name and password sets the special ID that the reporting terminal of the user name and password must have on the server.
After the server receives the user name and password for login, in addition to determining whether the user name and password are correct, the server also needs to determine whether the special ID reported by the terminal sending the user name and password is a valid special ID.
Method 4:
Routing fingerprint restriction method.
The specific measure is that when the legal owner of the username and password sets the reporting of the username and password on the server, the necessary valid macs in the routing fingerprints formed by the router's mac code on the reporting path are reported. code.
After the server receives the user name and password for login, in addition to determining whether the user name and password are correct, it also needs to determine whether the router mac code sent with the user name and password contains a valid mac code.
Method 5:
Terminal Restriction Act.
The specific measure is that the legal owner of the user name and password sets the special ID or condition of the reporting terminal of the user name and password on the server.
Before reporting the user name and password, the terminal will self-check whether the terminal has the special ID or conditions for reporting the terminal.
The above five restriction methods that can be used in the login process can be formed into a low-cost, efficient and accurate login authentication system through different arrangements, combinations, extensions and expansions.