Any creative solution to make it harder for hackers to copy your IdP login page?

Cantor, Scott cantor.2 at osu.edu
Wed Mar 28 07:54:52 EDT 2018


On 3/28/18, 1:01 AM, "users on behalf of Martin Lunze" <users-bounces at shibboleth.net on behalf of martin.lunze at tu-dresden.de> wrote:

> I only want to say, this way it's possible for attackers to guess usernames.
> In my personal opinion, the first step of a possible attack.

As soon as you go down that road, you are trapped into expensive rules around what systems can make use of the username as an identifier, and that is a disaster in most cases.

> After this, attackers could brute-force passwords target-oriented.

Phishing is too easy to make it worth the time.

-- Scott



