Interesting Login Screen
This login screen makes things a little more interesting for end users by displaying an inspirational photo on the login page. The images are chosen to be relevant to the user (for example, from their own uploaded gallery) when the previous login has already been identified but a password re-prompt is required for certain operations.
The form itself also offers the features commonly expected of login forms, including:
- Preventing account harvesting by not indicating whether the password was incorrect or the account does not exist. The same artificial delay is applied to the wrong-password and missing-account paths, so response timing does not reveal the difference either.
- Passwords are hashed with bcrypt, and an artificial delay is added so that guessing attacks take a long time. A user will not notice a delay of a second or two on login, but an attacker running automated attempts will.
- Accounts are locked upon too many failed attempts (but active sessions already started are maintained).
- The form is AJAX based and also supports two-factor authentication when the user has enabled the feature.
- On successful login, a message is displayed for a few seconds if the password has not been changed for a while. Depending on policy, they will also be prompted to enter a new one.