What fields must be included in the database table for user authentication?

Question

What fields must be included in the database table for user authentication?

I am creating a table for user identification. What fields should be included in this table? How minimal is the ability to track user credentials, track failed login attempts to lock an account, actually lock accounts, etc.

+1

authentication database

pc1oad1etter May 21 '09 at 12:04

a source to share

2 answers

Locking: A simple "IsLocked" and "LockTime" is enough for the user. Every time they try to login, check the lock and if it is within X LockTime, disable it, otherwise set IsLocked false.

The Simples method for tracking login attempts is to have a LoginAptempt and LastLoginAttemptTime account - when they register with setAnailAttempt = 0, otherwise, if they fail at login, increment by 1 and set LastLoginAttemptTime. If they try again, increase and set the time again.

The credentials you store depend on the type of system - most are just username, password and email, but the financial system can use DoB and password reset questions as well.

+1

Luke Schafer May 21 '09 at 12:13

a source to share

Jeff · Accepted Answer · 2009-05-21T00:10:39+0000

UserID
password
last login date
create date
password expiration date
Locked
Status

What fields must be included in the database table for user authentication?

More articles: