Open clochix opened 8 years ago
Whatever the method (login screen, API request…), if wrong credentials are submitted, we should wait a little before answering, and before allowing another try.
Bcrypt encryption makes password checking slow. So it already protects a little bit against brute force attacks.
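One way to implement the delay requested in this issue, as an added example that is not code from this project: a throttle shared by every entry point (login screen, API request) that doubles the wait after each wrong credential and refuses the next try, without running the slow password check, until the wait has elapsed. The class and function names, the `(account, client address)` key, the in-memory dictionary and the delay values are all assumptions made for illustration.

```python
import time


class FailedLoginThrottle:
    """Backoff state shared by all login paths (hypothetical helper)."""

    def __init__(self, base_delay=1.0, max_delay=300.0, clock=time.monotonic):
        self.base_delay = base_delay  # assumed value: wait after the first failure
        self.max_delay = max_delay    # assumed value: cap on the wait
        self.clock = clock            # injectable so the behaviour can be tested
        # key -> (consecutive failures, time at which the next try is allowed)
        # Assumption: in-memory state; several server processes need a shared store.
        self._state = {}

    def retry_after(self, key):
        """Seconds the caller must still wait; 0.0 means a try is allowed."""
        _, allowed_at = self._state.get(key, (0, 0.0))
        return max(0.0, allowed_at - self.clock())

    def record_failure(self, key):
        """Count one wrong credential and return the delay now imposed."""
        failures = self._state.get(key, (0, 0.0))[0] + 1
        delay = min(self.max_delay, self.base_delay * 2 ** (failures - 1))
        self._state[key] = (failures, self.clock() + delay)
        return delay

    def record_success(self, key):
        """A correct login clears the failure history for this key."""
        self._state.pop(key, None)


def attempt_login(throttle, key, check_password):
    """Return (status, wait_seconds) for one attempt from any entry point.

    check_password is a callable so the expensive hash comparison is skipped
    entirely while the key is still inside its waiting period.
    """
    wait = throttle.retry_after(key)
    if wait > 0:
        return ("throttled", wait)  # e.g. HTTP 429 with a Retry-After header
    if check_password():
        throttle.record_success(key)
        return ("ok", 0.0)
    return ("denied", throttle.record_failure(key))
```

The wait returned with `"denied"` can also be used to hold the response before answering, which covers the first half of the request in this issue.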