[Feature] User lock out for 5 minutes if more than 3 login failures are detected within 5 minutes #18861
Closed
norcino started this conversation in Feature Request
Replies: 1 comment
You can handle this with tools like fail2ban.
I have searched the existing feature requests, both open and closed, to make sure this is not a duplicate request.
The feature
In order to prevent brute force attacks, which attackers can perform to crack the passwords, it is recommended to introduce a configurable lock out after a certain amount of login failures are detected in a certain time span.
The implementation can rely on a simple memory cache to keep the count of failed logins, using the cache TTL.
The failures should not be removed from cache even on successful logins as this might help attackers when genuine users log in.
Also, the block bound to the username can be saved in cache and kept for as long as the TTL is set.
Platform
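The lockout described in the request above, as an added Python example that is not code from the project or from the original poster: failures are kept per username with a TTL, a successful login does not clear them, and the block is a second TTL entry bound to the username. The class `LoginThrottle`, its method names and the username normalisation are assumptions; the thresholds (more than 3 failures in 5 minutes, 5 minute block) come from the title.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Per-username lockout using in-memory TTL entries (hypothetical helper)."""

    def __init__(self, max_failures=3, window=300.0, lockout=300.0,
                 clock=time.monotonic):
        self.max_failures = max_failures   # block when failures exceed this
        self.window = window               # TTL of one failure entry, seconds
        self.lockout = lockout             # TTL of the block entry, seconds
        self.clock = clock                 # injectable so tests control time
        self._failures = defaultdict(deque)  # username -> failure timestamps
        self._blocked_until = {}             # username -> block expiry time

    def _key(self, username):
        # Assumption: usernames are case-insensitive, so "Alice" == "alice".
        return username.strip().lower()

    def is_locked(self, username):
        key, now = self._key(username), self.clock()
        expiry = self._blocked_until.get(key)
        if expiry is None:
            return False
        if now >= expiry:
            del self._blocked_until[key]   # block TTL elapsed
            return False
        return True

    def record_failure(self, username):
        key, now = self._key(username), self.clock()
        stamps = self._failures[key]
        stamps.append(now)
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()               # failure TTL elapsed
        if len(stamps) > self.max_failures:
            self._blocked_until[key] = now + self.lockout

    def attempt(self, username, password_ok):
        """Return True only when the account is not blocked and the password matched."""
        if self.is_locked(username):
            return False                   # refused even if the password is right
        if not password_ok:
            self.record_failure(username)
            return False
        # Success: failure entries are deliberately kept and only age out by TTL.
        return True
```

State here lives in one process, so a multi-instance deployment needs a shared cache, and entries for usernames that never return should be evicted to bound memory.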