author | Lars Wirzenius <liw@liw.fi> | 2019-02-25 14:13:53 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2019-02-25 14:13:53 +0200 |
commit | 3c0a8b4cad8e56b77543cc788f22ca162b21255b (patch) | |
tree | 9fe66aca83af3ba182326bcbbcca151a16c99360 | |
parent | e42c76f4f2c0b57fcb17e29dc56fefbbd6220381 (diff) | |
Add: Yuck requirements for password reset, temporary account locks
-rw-r--r-- | yuck.mdwn | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -163,6 +163,13 @@ reference in discussions. * (PRIVACYSTORE) Yuck MUST NOT store personal information it does not need. * (PRIVACYLEAK) Yuck MUST NOT leak personal information. +* (PWRESET) Yuck MUST support the user resetting their password, + securely. +* (TEMPLOCK) Yuck MUST support locking an account temporarily, if it + is the target of too many failures. This is to avoid an attacker + from brute-forcing a password by trying many times. +* (TEMPLOCKNOTIFY) Yuck MUST notify an account owner of temporary + locking, out of band. # Architecture: the ecosystem |
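Review bot: In PWRESET, "securely" leaves the MUST with nothing to verify against; state what the reset has to guarantee (for example, that the requester proves control of the account before a new password is accepted) so the requirement can be tested. TEMPLOCK has the same gap: "too many failures" and "temporarily" give no threshold, counting window or lock duration, and the text does not say how the account owner regains access while a lock they did not cause is in effect. Also in TEMPLOCK, "to avoid an attacker from brute-forcing" should read "to prevent an attacker from brute-forcing". TEMPLOCKNOTIFY should say which channel counts as "out of band", since PRIVACYSTORE just above limits what contact information Yuck may keep for that purpose.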