Contensive has a standard login dialog it uses to authenticate users. This dialog and the process it follows has built in fraud protection rules, such as a limit to the number of failed logins it allows.
Contensive can optionally be set up to require Unique Usernames. If non-unique usernames are allowed, then a single typo on the login dialog could log you into the wrong account. Many matching usernames could make guessing passwords fairly easy.
In all cases, the Username/Password combination must be unique or the authentication will fail.
There is a Site Property for each website which enables the site to automatically authenticate a member when they are identified. This feature makes returning to a website fast and easy; however, you must always remember that anyone who uses the same computer after you will also log-in with your account.
With Auto Login enabled, be sure to never check the "Automatically log me in from this computer" if you are at a non-secure computer, such as a Library.
The Contensive Login Dialog can optionally include an "Email my password to me". When a user enters his email address, the member accounts are searched for that email address, and the matching password (if found) is sent.
If someone has access to your email account, they can get your Contensive Username and Password. If you have this feature enabled, you must protect your email account with at least the same security precautions you require for your site access.
User Recognition (being recognized)
If you have previously visited a website, you have been assigned a member account on the site. This may be your assigned account with your username and password, or it may be a new account labeled as a "Guest". In either case, when you return to the site with cookies enabled, you are recognized by the site and assume that previous identity.
Being identified, however, does not automatically allow you to take advantage of the member accounts permissions, such as editing content or visiting the Admin Site. This can only be done if you are also authenticated.
Failed Login Blocking
When authentication is attempted and failed, the attempt is logged for the visit. After three failed attempts, authentication automatically fails for future attempts. No visible notice is given for this condition. This prevents dishonest users, or automated tools from attempting repeated logins until success.
This page was last reviewed Monday, May 14, 2012