This is the first time I've seen the first 2 steps documented. I've tried numerous password authentications including a fix for "brute force" logins but was never able to get the scripts to work at the point of validating logins. Don't know why this bit wasn't in other related posts.
Thanks Trudy for the link. With this new info I can go back and explore solutions for a few of the issues the security team has been having panic attacks about.
From the link:
1) Add the following Site Configuration parameter
DISABLE_PASSWORD_OTA_ENCRYPTION = Y
2) Secure the Customization>Workflow so the code can not be altered
• Click Tools>Customize>Groups
• Select the Group(s)>Administration
• Uncheck "Setup Workflow"
