Idea: 2FA and brute force protection when entering wrong password #5436
Replies: 4 comments 1 reply
-
|
update: there are some great ideas here using fail2ban: |
Beta Was this translation helpful? Give feedback.
-
|
You can do this by setting up oauth to a server that offers these features. |
Beta Was this translation helpful? Give feedback.
-
|
I'm going to try and set something up. I'll look at oauth as well as some ideas in the thread i linked above. I was thinking if they just add a simple rate limit that increases after failed attempts from same ip, or slow down the login just a little (add a few seconds per login attempt after x number of failed tries), that might help prevent against an attack that just brute forces the password. |
Beta Was this translation helpful? Give feedback.
-
|
2fa would be a nice addition |
Beta Was this translation helpful? Give feedback.
-
|
We're not going to build an entire auth system into immich. For those types of features we support integration with an external auth system via OAuth 2. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
This is low on the priority list, but limiting how many times a password is entered, plus slowing down login attempts would be wise to do for security.
Also, if there was a way to set up 2FA maybe using an app, when logging in after x days or from a new client.
Beta Was this translation helpful? Give feedback.
All reactions