This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Advanced Password Management Library
Introduction
Advanced Password Management Library works on top of "Basic Password Management Library". It provides additional functionality to help developers mitigate the risks of password theft and misuse. Though advised to use this library in conjunction with "Basic Password Management Library", this library is a stand-alone library. It can also be imported directly in existing projects and its functions can be used directly. This library provides few, but advanced functions to catch misuse of passwords and to assist advanced authentication mechanisms. These terms are described below in detail.
PHPSEC Advanced Password Management Implementation
This following type of functions are provided in this library:
Brute Force Detection: This function has the capability to detect if a brute-search is in progress. It monitors the time difference between two login attempts and calculates if the login attempt was made by a human or a bot.
Temporary Password: Function to generate a temporary password. Developers can use this function in various cases. For e.g. in case if a user forgets his/her password, developer can device functions to generate a temporary password using this function to be sent to the user's email to reset their password. Additionally, this function can be used for two-factor authentications where for sensitive transactions, a separate temporary password is needed to be sent to user in their email/other device/mobile phones, etc. Possibilities are endless.
