author: Lars Wirzenius <liw@liw.fi> 2019-02-25 14:13:53 +0200
committer: Lars Wirzenius <liw@liw.fi> 2019-02-25 14:13:53 +0200
commit: 3c0a8b4cad8e56b77543cc788f22ca162b21255b
tree: 9fe66aca83af3ba182326bcbbcca151a16c99360
parent: e42c76f4f2c0b57fcb17e29dc56fefbbd6220381
download: ick.liw.fi-3c0a8b4cad8e56b77543cc788f22ca162b21255b.tar.gz
Add: Yuck requirements for password reset, temporary account locks
-rw-r--r-- yuck.mdwn 7
1 files changed, 7 insertions, 0 deletions
diff --git a/yuck.mdwn b/yuck.mdwn
index 135c6ce..08bf0ad 100644
--- a/yuck.mdwn
+++ b/yuck.mdwn
@@ -163,6 +163,13 @@ reference in discussions.
* (PRIVACYSTORE) Yuck MUST NOT store personal information it does not
need.
* (PRIVACYLEAK) Yuck MUST NOT leak personal information.
+* (PWRESET) Yuck MUST support the user resetting their password,
+ securely.
+* (TEMPLOCK) Yuck MUST support locking an account temporarily, if it
+ is the target of too many failures. This is to avoid an attacker
+ from brute-forcing a password by trying many times.
+* (TEMPLOCKNOTIFY) Yuck MUST notify an account owner of temporary
+ locking, out of band.
# Architecture: the ecosystem
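Review bot: PWRESET's "securely" is not a testable requirement, and TEMPLOCK leaves "too many failures" and the length of the lock undefined, so neither can be verified as written. Suggest stating what a secure reset must guarantee (for example, single-use, time-limited reset tokens, and no confirmation of whether an account exists), and in TEMPLOCK either naming the failure threshold, counting window and lock duration or saying they MUST be configurable. TEMPLOCK as worded also lets anyone lock a legitimate user out by failing logins on purpose; the requirement should say how the owner regains access during a lock and whether PWRESET still works while the account is locked. TEMPLOCKNOTIFY should say which out-of-band channel is meant and whether it is the same one PWRESET relies on. Wording nit: "avoid an attacker from brute-forcing" reads better as "prevent an attacker from brute-forcing".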