Commit 2f8ce11

boojack and claude authored
docs: add rate limiting documentation for authentication (#924)
Added comprehensive documentation for rate limiting on login attempts:
- Password authentication: 10 attempts in 10 minutes
- MFA verification: 5 attempts in 5 minutes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <[email protected]>
1 parent 145b07d commit 2f8ce11

2 files changed

+21
-0
lines changed

mintlify/administration/2fa.mdx

Lines changed: 4 additions & 0 deletions
@@ -4,6 +4,10 @@ title: Two-factor Authentication
44

55
Two-factor authentication (2FA) provides an extra layer of security for member accounts. When signing in, you will be required to enter the security code generated by your Authenticator App.
66

7+
<Note>
8+
Bytebase implements rate limiting during MFA verification to protect against brute force attacks. Users are allowed a maximum of **5 failed MFA attempts within a 5-minute window**. The MFA temporary token expires after 5 minutes. See [Sign-in Restriction](/administration/sign-in-restriction#rate-limiting-for-login-attempts) for more details.
9+
</Note>
10+
711
## Configuring 2FA using a TOTP mobile app
812

913
### Step 1: Download a TOTP app
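
Review bot: The added `<Note>` gives the threshold ("5 failed MFA attempts within a 5-minute window") but not the consequence or the recovery path: it does not say what the user sees once the limit is exceeded or whether they must restart from the password step. It also states that the MFA temporary token expires after 5 minutes, the same length as the window, without saying whether the failure count is bound to the token or to the account, so a reader cannot tell whether obtaining a fresh token resets the count. Suggest one sentence stating what the count is keyed on and what happens when the limit is hit. Because the same numbers are repeated in sign-in-restriction.mdx, consider keeping only the link here so the two pages cannot drift apart.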

mintlify/administration/sign-in-restriction.mdx

Lines changed: 17 additions & 0 deletions
@@ -2,6 +2,23 @@
22
title: Sign-in Restriction
33
---
44

5+
## Rate Limiting for Login Attempts
6+
7+
Bytebase implements rate limiting to protect against brute force attacks on user authentication. The system automatically tracks and limits failed login attempts:
8+
9+
### Password Authentication Phase
10+
- **Maximum attempts**: 10 failed attempts
11+
- **Time window**: 10 minutes
12+
- After exceeding the limit, the account will be temporarily locked
13+
14+
### Multi-Factor Authentication (MFA) Phase
15+
- **Maximum attempts**: 5 failed attempts
16+
- **Time window**: 5 minutes
17+
- After exceeding the limit, the MFA verification will be temporarily locked
18+
- MFA temporary token expires after 5 minutes
19+
20+
These security measures help protect user accounts from unauthorized access attempts while ensuring legitimate users can still access their accounts.
21+
522
## Sign-in Frequency
623

724
**Sign-in Frequency** specifies the period that users are required to sign in again.
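
Review bot: Both "temporarily locked" bullets (password phase and MFA phase) leave out the lockout duration and how a lock is cleared, which is what an administrator handling a locked-out user will look for. The section also does not say what the failed-attempt count is keyed on; "the account will be temporarily locked" reads as a per-account lock, and if that is the case the page should say so and describe what a legitimate user can do when someone else's failed attempts lock their account. Suggest also stating whether a successful sign-in resets the count and whether these limits are fixed or configurable, since the section sits on the Sign-in Restriction page directly above Sign-in Frequency.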
