
The TWX login system is not secure enough (according to client)


The client mentioned that they can use a brute-force attack to find out the password of the User, although I explained that with "length limit", "blacklist", and "user lock" it won't be that easy to hack the User.

 

The client suggests that TWX add a new field during User login [popup login or FormLogin]; in this field we type in the random number we read from a picture the system generates, and it will change every time we try to log in. This is a common security mechanism in China to avoid 

1 Comment
olivierlp
Community Manager
Status changed to: No Plans to Implement

PTC strongly recommends that customers use Single Sign-On (SSO) to authenticate to ThingWorx, and will thus focus R&D efforts on enhancing that capability. Additionally, customers using Basic or Form authentication can limit the number of login attempts (defaulting to 5) within a certain period (defaulting to 5 minutes), which will make a brute force attack such as the one described almost impossible.
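
The effect of the attempt limit described in the reply above can be checked with a small model. This is an added example, not PTC's or ThingWorx's code: it assumes a per-user sliding window (the thread does not say how ThingWorx counts attempts), and the `LoginThrottle` class, the user name and the 6-digit keyspace are hypothetical.

```python
from collections import defaultdict, deque

MAX_ATTEMPTS = 5         # default quoted in the reply above
WINDOW_SECONDS = 5 * 60  # default quoted in the reply above


class LoginThrottle:
    """Allow at most max_attempts failed logins per user within a sliding window.

    Assumption: failures are counted per user name in a sliding window.
    """

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        self._failures = defaultdict(deque)  # user -> timestamps of recent failures

    def allowed(self, user, now):
        recent = self._failures[user]
        # Forget failures that have aged out of the window.
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        return len(recent) < self.max_attempts

    def record_failure(self, user, now):
        self._failures[user].append(now)


def guesses_checked(throttle, user, duration_seconds):
    """Simulate one wrong guess per second; count guesses that reach the password check."""
    checked = 0
    for now in range(duration_seconds):
        if throttle.allowed(user, now):
            throttle.record_failure(user, now)
            checked += 1
    return checked


def days_to_exhaust(keyspace, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
    """Worst-case days to try every candidate against one account at the throttled rate."""
    seconds_per_guess = window / max_attempts
    return keyspace * seconds_per_guess / 86400


if __name__ == "__main__":
    throttle = LoginThrottle()
    # Constructed scenario: one hour of guessing at one attempt per second.
    print("guesses evaluated in 1 hour:", guesses_checked(throttle, "operator1", 3600))
    # Constructed keyspace: every 6-digit numeric password.
    print("days to exhaust 10**6 candidates: %.1f" % days_to_exhaust(10**6))
```
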