lcpojr / watcher_ex

An OAuth2 server entirely in Elixir.
Apache License 2.0

Adds brute force detection \ protection #29

Open lcpojr opened 3 years ago

lcpojr commented 3 years ago

We have to temporarily block a subject that continuously fails to sign in. This will help a lot to prevent this kind of attack, because any attempt after the subject is blocked will not succeed.

lcpojr commented 3 years ago

We already have a minimum brute force protection by blocking the user temporarily. Now we have to start testing it and see if it works with a larger number of attempts.
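The temporary block discussed in this issue, as an added example that is not watcher_ex code: a pure-function sketch of lockout after repeated failed sign-ins, followed by a constructed run with more attempts than the threshold. The module name `LoginThrottle`, its functions and the threshold values are all assumptions made for illustration.

```elixir
defmodule LoginThrottle do
  # Hypothetical module, not watcher_ex code. Thresholds are assumed values.
  @max_failures 5      # failures tolerated inside the window
  @window_seconds 300  # sliding window used to count failures
  @block_seconds 900   # length of the temporary block

  # True while the subject's block has not expired.
  def blocked?(state, subject, now) do
    case Map.get(state, subject) do
      %{blocked_until: deadline} when is_integer(deadline) -> now < deadline
      _ -> false
    end
  end

  # Records a failed sign-in; blocks the subject once the threshold is hit.
  def record_failure(state, subject, now) do
    entry = Map.get(state, subject, %{failures: [], blocked_until: nil})
    recent = Enum.filter([now | entry.failures], &(now - &1 < @window_seconds))

    entry =
      if length(recent) >= @max_failures do
        %{failures: [], blocked_until: now + @block_seconds}
      else
        %{entry | failures: recent}
      end

    Map.put(state, subject, entry)
  end

  # The block is checked before the credential result is used, so a blocked
  # subject is rejected even when the password is correct.
  def attempt(state, subject, now, password_ok?) do
    cond do
      blocked?(state, subject, now) -> {:blocked, state}
      password_ok? -> {:ok, Map.delete(state, subject)}
      true -> {:error, record_failure(state, subject, now)}
    end
  end
end

# Constructed run: 7 wrong passwords one second apart, then the right one.
{results, _state} =
  Enum.map_reduce(1..8, %{}, fn t, state ->
    LoginThrottle.attempt(state, "alice", t, t == 8)
  end)

IO.inspect(results)
```

The state here is an in-memory map passed between calls; a server would keep the same data in shared storage so the block holds across processes and restarts.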