Aw: Beudetutung von challenge und response zur Validierung eines Benutzers

posts: 9305 Germany


Use challenge-response authentication:

If enabled and the user's browser supports JavaScript , passwords ARE NOT SENT across the network. Instead, a challenge response algorithm is used. Tiki generates a challenge code and the browser sends a response based on the challenge that Tiki verifies to login the user. Challenge responses cannot be reused. This method, if enabled, strongly enforces the security of your user passwords. If you use this option, you don't need an HTTPs connection for extra security. The drawback to this method is that users will have to enter their email address every time they login — three boxes to fill in not two.