As computer systems and particularly internet expand their
role in our daily lives, security in computer systems becomes more important,
and it’s a vital part of every programmer’s life to make his or her code
secure. This is bolder when you go online on the internet or intranet and
expose your application to more users and possible threats. The number of
security attacks by hackers and their catastrophic impacts (in terms of privacy
and money loss) has been increasing and we all can remember many of big
highlights that happened in the past few months such as several security
attacks to Sony PlayStation Network.
As an obvious consequence of these, security has been so
important for me, just like everybody else, so I always spend a lot of time to
reassure the security of my code and implement different mechanisms to prevent
hackers from hurting my online identity.
As development technologies have evolved and online software
have become bigger, newer techniques, methods, and tools are provided to
improve the security of applications at different levels ranging from securing
the programming languages to security mechanisms provided like those offered by
IIS.
Having these said, a few weeks ago my blog was the target of
a dictionary attack by a
hacker for almost 24 hours. The hacker, who supposedly thought that I don’t
have mechanisms for monitoring the accesses to my blog’s administration area,
had tried to perform a dictionary attack on my login page to get access to my
blog. This story ended up by me leaving a message for the hacker that was
probably read later and forced him/her to stop this pointless attack, however,
it made me extra-cautious about security so that I decided to take the security
of my websites to the next level! In this article I’m going to explain the
technique that I implemented, 2-step verification by phone, which is going to
become a common technique in the near future. Searching on the internet, there
wasn’t much information provided about this technique, especially for ASP.NET
developers, so I hope that this article can contribute and encourage other
developers to implement such mechanisms!