Closed Bug 797930 Opened 12 years ago Closed 11 years ago

If user fails to enter PIN X amount of times lock the account

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P1)

Product:
Marketplace Graveyard
Component:
Payments/Refunds
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
2013-01-10

People

(Reporter: jsmith, Assigned: wraithan)

References

Details

(Whiteboard: u=patron c=pmt p=2 w=1) 

We currently need to handle use cases for when a malicious user tries to launch an attack to guess a user's login for any account in the payment process. This includes:

- The PIN
- The persona account

cc-ing Raymond for input, Maria for UX
Blocks: basecamp-payments
Account locking for email/password will be handled by Persona and is not something Marketplace can work on (so I guess ask Persona what their policy is?). The Marketplace can only handle PIN locking.

Ray: how many times before we lock out the user? How long do we lock them out for?

Maria: we'll be looking for your help to make sure the lock-out is a friendly user experience that does not inconvenience non-evil people :)
Blocks: 795105
Assignee: nobody → msandberg
blocking-basecamp: --- → ?
Keywords: uiwanted
Priority: -- → P2
At-risk feature work can't block at this point can't block based on the discussions in today's b2g meeting.
blocking-basecamp: ? → ---
Also if they PIN lockout do we want to log them out/lock them out of the rest of their account for the duration. Or just lock their PIN and not let them purchase until it is unlocked and they remember it. 

Also are there ways to get around the lock? Such as using a forgotten PIN link that lets you change it?
(In reply to Jason Smith [:jsmith] from comment #2)
> At-risk feature work can't block at this point can't block based on the
> discussions in today's b2g meeting.

Ignore my comment here btw. Apparently this was a point of confusion on my behalf.
blocking-basecamp: --- → ?
I made this bug PIN specific. I believe Persona already filed for their lock-out feature, can't find the bug though.

Making this a P1 since we need this to prevent brute force PIN attacks.
Priority: P2 → P1
Summary: If a user fails to login X amount of times for any account involved, we need to lock the associated account → If user fails to enter PIN X amount of times lock the account
Ray, how many incorrect PIN entries before we should lock out a user? Note that they will be logged in with a single Persona account so we probably don't have to try and block IPs or anything.
Flags: needinfo?(rforbes)
The UX flow for this will be:

- user enters pin incorrectly [n] times
- on last incorrect try the pin screen shows text saying "The pin was entered incorrectly too many times. Sign in to continue".
- two buttons are available: "sign in" and "cancel" 

See page 21-23 in updated specs:
https://www.dropbox.com/s/fjr5aqt8mqq8faq/marketplace-id-payments-20121017.pdf
Sorry - that's page 21 only. The user will not be asked to reset the pin for this case, just re-authenticate by signing in. After that they can try for [n] more times.
For single device we can simply log them out and force them to log in again when they revisit, but for multiple devices this doesn't hold up.

Even if we remember that they were locked out and when, do we have a way to determining when they log in? We'll need to make sure it was after the point when they were locked out. I don't know much about Persona so maybe this is viable?
we need the log out everywhere feature coming soon to Persona. https://bugzilla.mozilla.org/show_bug.cgi?id=797947#c2
Ah good stuff. Makes sense now.
Blocks: marketplace-payments
No longer blocks: basecamp-payments
so, can we force a logout if they fail X amount of PIN attempts?  Off the top of my head, I would say 5.
Flags: needinfo?(rforbes)
(In reply to Raymond Forbes[:rforbes] from comment #12)
> so, can we force a logout if they fail X amount of PIN attempts?  Off the
> top of my head, I would say 5.

Sounds great, I'm down with 5.
-> wraithan then.  If wraithan is the wrong person, let me know. thanks. :)
Assignee: msandberg → xwraithanx
Keywords: uiwanted
Target Milestone: --- → 2012-11-08
Not part of the on-device requirements for ship. Removing nom.
blocking-basecamp: ? → ---
Target Milestone: 2012-11-08 → 2012-11-29
Target Milestone: 2012-11-29 → 2012-12-06
Target Milestone: 2012-12-06 → 2012-12-13
Target Milestone: 2012-12-13 → 2012-12-20
Target Milestone: 2012-12-20 → 2013-01-03
Whiteboard: u=patron c=pmt p=2
We need this for the Jan 15th launch
Target Milestone: 2013-01-03 → 2013-01-10
Andym is going to take care of this while I work on the auth decorator.
Assignee: xwraithanx → amckay
https://github.com/mozilla/solitude/commit/0f6aa2
https://github.com/mozilla/solitude/commit/6337ca

Adds in locking, passing back to Wraithan.
Assignee: amckay → xwraithanx
Adding the unlock pin to this as a dependency because otherwise we'll be locking people out without ever letting them back in.
Depends on: 827580
Doing the front end for this today.
Whiteboard: u=patron c=pmt p=2 → u=patron c=pmt p=2 w=1
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Blocks: 825357
Pin lockout has been implemented.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.