7 Tips for Developing Secure Website Login Forms
As the Internet evolves into an integrated part of people’s lives, more data is exposed to hackers. When developing your next website, PHP Script, WordPress plugin or app it is more important then ever to protect your login form as good as possible. You don’t even need to be a hacker to crack into some websites. Simply download some scripts and run them. Automated hacking has made it even easier to steal data by creating a new type of pseudo-hacker – the “script kiddie.” As a developer. you can take steps to protect users against real hackers and script kiddies.
One of the most common ways to hack a website is through forms. Forms take information and return results to the user. SQL injection, XSS (cross-site scripting) and brute force cracking are a few ways hackers can access your data. Scripts that automate login form cyber attacks are available for download. These login forms are primary doorways for hackers, and web developers must be able to defend against these attempts in their code.
1. Never Store Passwords as Plain Text
You might think that your database is safe, but all it takes is one accidental dump of the database for hackers to get the entire user name and password list. What’s especially devastating for users when this happens is that most people use the same password across several platforms. This means that since the database was hacked, your users are now at risk for hacks on other systems. You might think you aren’t responsible for users making this mistake, but a hacked database that exposes multiple systems could come back to haunt you. What if one of your internal employees has their information contained in the same table? Now your internal network could be vulnerable.
For instance, let’s say you have the email stored in the database and user passwords stored in plain text. The database gets hacked and this table is exposed. Hackers can now attempt to log in to email addresses using the plain text passwords and email combination. If you have thousands of users stored, there is a good chance that hackers will gain access to at least some of these user email addresses.
2. Implement a Password Length and Complexity Policy
Most developers require passwords that are at least six characters. Others require eight characters. Usually, the length of the password requirement is dependent on the sensitivity of the data. If credit cards are stored, it’s best to require longer passwords.
You can also require complexity with passwords. For instance, require upper-case letters and numbers. Users who are aware of password complexity rules will even use a special character. Most online login forms don’t require this level of complexity, but certain login forms should require some kind of complexity before the user can store a password.
Complexity and password length might not seem like a serious issue, but computers can brute force an eight-character password within seconds. The time is considerably increased as special characters, numbers and upper-case letters are used.
3. Use an Account Lockout Procedure After a Certain Number of Login Attempts
Brute force hacking scripts are widely available on the Internet. Dictionary words and common passwords are available for download as well. This means that a hacker or script kiddie only needs to load a dictionary file and run a script, walk away, and wake up the next morning with a list of hacked users.
To limit the success of a brute force cyber attack, use lockout policies. For instance, after a user unsuccessfully attempts to log in to an account after three attempts, make them wait several minutes for the next attempt. If five or six attempts are unsuccessful, force the user to verify the account. You can get creative with lockout policies to make it difficult for hackers but user friendly for customers who just simply forgot their password.
4. Use Password Resets with Security Questions
Some developers send passwords to users once they answer a security question. Unfortunately, email isn’t a safe method of communication for sensitive information. If the hacker has access to the email address, the next step is to gain access to web accounts using the email address he’s gained access to. If you email a password, the hacker has an easy way to get other passwords for the user and to gain access to your user’s account.
You can eliminate this security flaw by sending users a password reset form. The hacker can still change the account password, but he’s limited to creating his own password and can’t see the user’s current password. This type of password security protects your users’ data. Once the user regains access to the email address, he can then change the password to a new one.
5. Add Two-Factor Authentication
Two-factor authentication requires users to enter two types of authentication passwords into a login form. The first form is the standard user name and password. The user’s telephone number is then used as the second login factor. Your login system sends a code to the user’s cell phone as a text message. The user then enters this second code into your login form.
One issue with two-factor authentication is the inconvenience. Take Google as an example of how two-factor authentication should be implemented. Users log in to the form and then a code is sent to a cell phone number. The code is entered into their login form, and then a cookie is stored on the user’s computer. The user is only required to enter a secondary code if they log in from a different computer and give this computer authorization to store a cookie that recognizes them in the future. This means that the user only needs to enter a code on each machine instead of every time he logs in to the computer, which can get very annoying.
You should also send an alert if the user is on a public computer. Users shouldn’t store cookie information about two-factor authentication on public machines, or it gives authorization to anyone on the public machine. Only provide authorization to skip two-step authentication after the user verifies that he’s on a private machine either at home or at work.
6. Escape Any HTML Special Characters
One way hackers gain access to user accounts is to send XSS (cross-site scripts) and JavaScript to a login form. If you don’t escape HTML, these scripts are stored in your database. There are two targets for this type of hack:
- The XSS is displayed to the user, and the hacker can log keystrokes or send sensitive data to his own server.
- The XSS is displayed to one of your customer service representatives whose browser is then compromised. The customer service rep doesn’t know that as he’s working within the app, he’s sending data to a third-party server owned by the hacker.
To avoid this type of hack, web developers can use escape functions available in the language framework. For instance, both C# and PHP libraries have escape functions readily available. This means that you don’t need to manually escape characters within your code, and you can make just one call in your code to protect your users.
7. Avoid CAPTCHAs for Logins
Most of these tips involve what you should do, but this is one tip on what you should not do. CAPTCHAs are terribly annoying for users who forget passwords. CAPTCHAs are difficult to read especially for the visually impaired. They are distorted words within a picture. Distortion is used to protect against image identification programs that can automate and bypass CAPTCHA protection, but they also cause usability issues.
If you rely on CAPTCHAs to send users a password reminder, visually impaired users can’t read the blurred image, which means they can’t recover their passwords. Some CAPTCHA systems are terribly hard to read even for people with 20/20 vision. Users give up and choose another service instead.
An option for a CAPTCHA system is Google’s reCAPTCHA. This system uses small numbers that are easily read by humans but not bots. The reCAPTCHA system isn’t bulletproof, but it’s a better option if you insist on using this type of protection.
Conclusion
Web developers think that login forms are simple parts of a website. However, login forms are one of the main pages targeted by hackers, so they are actually complex parts of web development because of the high level of security. Whatever you are building; a website, a WordPress plugin a PHP script or app. Securing your user data should be a priority, and a secure website or app builds trust with your customers. While no login form is completely bulletproof and no guarantees are made that a new hack will get through your code, you can help protect company assets from typical, common scripts.
Join over 50,000 developers, designers and entrepreneurs!
Get exclusive articles, special deals and freebies delivered straight to your email inbox!