Tim's Weblog
Tim Strehle’s links and thoughts on Web apps, software development and Digital Asset Management, since 2002.
2006-09-20

Watching out for our own security

Jon Udell at InfoWorld - Watching out for our own security:

"Desktop and server operating systems know, and can report, when you’ve logged in and what you’ve been doing. True, a savvy impersonator can erase her footsteps, but if you’re motivated to look, there’s a decent chance you can detect an intrusion.

Applications and services delivered through the Web usually don’t afford the same opportunity. If a failed password-guessing attack triggers a temporary lockdown of my online bank account, I have some hope that I’ll be promptly notified -- though I’m not about to try the experiment in order to find out.

But what if shoulder-surfing or a lucky guess yields up my credentials to an evildoer? Typically there’s no way for me to monitor the account for amounts, times, or IP addresses that only I would recognize as suspicious.

They should at least show me the last log-in time. A more complete view of all account activity would be ideal."