diff --git a/mintlify/administration/2fa.mdx b/mintlify/administration/2fa.mdx index 83b7907a..0277c639 100644 --- a/mintlify/administration/2fa.mdx +++ b/mintlify/administration/2fa.mdx @@ -4,6 +4,10 @@ title: Two-factor Authentication Two-factor authentication (2FA) provides an extra layer of security for member accounts. When signing in, you will be required to enter the security code generated by your Authenticator App. + +Bytebase implements rate limiting during MFA verification to protect against brute force attacks. Users are allowed a maximum of **5 failed MFA attempts within a 5-minute window**. The MFA temporary token expires after 5 minutes. See [Sign-in Restriction](/administration/sign-in-restriction#rate-limiting-for-login-attempts) for more details. + + ## Configuring 2FA using a TOTP mobile app ### Step 1: Download a TOTP app diff --git a/mintlify/administration/sign-in-restriction.mdx b/mintlify/administration/sign-in-restriction.mdx index 8a3de9fe..d30b0ab9 100644 --- a/mintlify/administration/sign-in-restriction.mdx +++ b/mintlify/administration/sign-in-restriction.mdx 
@@ -2,6 +2,23 @@ title: Sign-in Restriction --- +## Rate Limiting for Login Attempts + +Bytebase implements rate limiting to protect against brute force attacks on user authentication. The system automatically tracks and limits failed login attempts: + +### Password Authentication Phase +- **Maximum attempts**: 10 failed attempts +- **Time window**: 10 minutes +- After exceeding the limit, the account will be temporarily locked + +### Multi-Factor Authentication (MFA) Phase +- **Maximum attempts**: 5 failed attempts +- **Time window**: 5 minutes +- After exceeding the limit, the MFA verification will be temporarily locked +- MFA temporary token expires after 5 minutes + +These security measures help protect user accounts from unauthorized access attempts while ensuring legitimate users can still access their accounts. + ## Sign-in Frequency **Sign-in Frequency** specifies the period that users are required to sign in again.
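Review bot: In the `2fa.mdx` hunk the added paragraph is followed by two blank `+` lines before `## Configuring 2FA using a TOTP mobile app`, so the rendered page gets an extra empty line; drop one of them to match the single blank line used elsewhere in the file. The anchor `#rate-limiting-for-login-attempts` does match the `## Rate Limiting for Login Attempts` heading added in `sign-in-restriction.mdx`, but since both files change in this patch, please confirm the link resolves in the Mintlify build before merging.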
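Review bot: The new `## Rate Limiting for Login Attempts` section says the account or MFA verification "will be temporarily locked" but never states how long the lock lasts, whether the window is sliding or fixed, or how a locked user or an admin clears it; an administrator reading this page needs those details to handle a locked-out user, so add them (or a sentence saying the lock clears when the window expires, if that is the behaviour). It would also help to state whether attempts are counted per account, per source address, or both, since a per-account counter means repeated failures against a known username can lock out its legitimate owner, and whether lockout events appear in the audit log so operators can detect them. Finally, the intro sentence ends with a colon directly before a `###` heading; end it with a period instead.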