GaloyMoney / blink

bitcoin banking infrastructure
https://galoy.io
MIT License

exponential backoff on account log in #98

Open nicolasburtey opened 3 years ago

nicolasburtey commented 3 years ago

at least there should be a temporary lock with a backoff. after 3 attempts, wait 1 min to login; after 5 attempts, wait 10 min; after 10, wait 1 hour, etc.

we may want to refactor the current lock/active to also have a temporary lock status with a deadline for the account to become re-active.

nicolasburtey commented 3 years ago

mostly done. still need a fibonacci backoff when an account has been temporarily suspended after too many attempts

nicolasburtey commented 2 years ago

this could be a good security improvement on the login() api.

more documentation: https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#dynamic-block-duration
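The escalating temporary lock discussed in this issue, as an added example rather than Blink's own code or the node-rate-limiter-flexible API linked above: an in-memory throttle that keeps a per-account consecutive-failure counter and a lock deadline, and escalates the lock duration along a Fibonacci curve after the third failure. The threshold (3 failures), base duration (1 minute) and cap (1 hour) are assumptions taken from the first comment; the Fibonacci shape generalizes the 1 min / 10 min / 1 hour steps given there into one formula. The clock is injected so the example runs offline without waiting, and `verifyCredentials` is a hypothetical stand-in for the real credential check.

```javascript
// Added example (not Blink's code): in-memory login throttle with an escalating,
// Fibonacci-shaped temporary lock after repeated failed logins.
// The clock is injected so the behaviour can be exercised without real waiting.

const FIRST_LOCK_AFTER = 3;            // consecutive failures before the first lock (assumption)
const BASE_LOCK_MS = 60 * 1000;        // first lock lasts 1 minute (assumption)
const MAX_LOCK_MS = 60 * 60 * 1000;    // a lock never exceeds 1 hour (assumption)

// fibonacci(1) = 1, fibonacci(2) = 1, fibonacci(3) = 2, fibonacci(4) = 3, ...
function fibonacci(n) {
  let a = 1, b = 1;
  for (let i = 1; i < n; i++) { [a, b] = [b, a + b]; }
  return a;
}

// Lock duration to apply after `failures` consecutive failed attempts.
// Returns 0 while the account is still below the lock threshold.
function lockDurationMs(failures) {
  if (failures < FIRST_LOCK_AFTER) return 0;
  const step = failures - FIRST_LOCK_AFTER + 1;   // 1st lock, 2nd lock, ...
  return Math.min(fibonacci(step) * BASE_LOCK_MS, MAX_LOCK_MS);
}

class LoginThrottle {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.state = new Map();   // accountId -> { failures, lockedUntil }
  }

  // Is a login attempt for this account currently permitted?
  check(accountId) {
    const s = this.state.get(accountId);
    if (!s || s.lockedUntil <= this.now()) return { allowed: true, retryAfterMs: 0 };
    return { allowed: false, retryAfterMs: s.lockedUntil - this.now() };
  }

  // Record a failed attempt and set the (escalated) lock deadline.
  // Returns the lock duration applied, 0 if none.
  recordFailure(accountId) {
    const s = this.state.get(accountId) || { failures: 0, lockedUntil: 0 };
    s.failures += 1;
    const lockMs = lockDurationMs(s.failures);
    s.lockedUntil = lockMs > 0 ? this.now() + lockMs : 0;
    this.state.set(accountId, s);
    return lockMs;
  }

  // A successful login clears the counter and any deadline.
  recordSuccess(accountId) {
    this.state.delete(accountId);
  }
}

// Glue around the credential check. `verifyCredentials` is a hypothetical
// function returning true/false; it is only called when the throttle allows,
// so attempts made during a lock are rejected without touching the password.
function attemptLogin(throttle, accountId, credential, verifyCredentials) {
  const { allowed, retryAfterMs } = throttle.check(accountId);
  if (!allowed) return { ok: false, reason: 'locked', retryAfterMs };
  if (verifyCredentials(accountId, credential)) {
    throttle.recordSuccess(accountId);
    return { ok: true, reason: 'ok', retryAfterMs: 0 };
  }
  const lockMs = throttle.recordFailure(accountId);
  return { ok: false, reason: 'bad_credentials', retryAfterMs: lockMs };
}

// Stand-alone demo with a fake clock and a constructed credential check.
function demo() {
  let t = 0;
  const throttle = new LoginThrottle(() => t);
  const verify = (id, pw) => id === 'alice' && pw === 'correct-horse';   // constructed
  const log = [];
  for (let i = 0; i < 4; i++) log.push(attemptLogin(throttle, 'alice', 'wrong', verify).reason);
  t += 60 * 1000;                       // wait out the first 1-minute lock
  log.push(attemptLogin(throttle, 'alice', 'correct-horse', verify).reason);
  return log;   // ['bad_credentials', 'bad_credentials', 'bad_credentials', 'locked', 'ok']
}
```

In a real deployment the `state` map would live in shared storage (which is what the linked node-rate-limiter-flexible wiki page does for you), since a per-process map is bypassed as soon as requests are spread across instances; the `locked` response should also carry the same shape and timing as `bad_credentials` so the API does not reveal whether an account exists.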