If login details are compromised, an attacker could brute force the One-time Password. https://cwe.mitre.org/data/definitions/1216.html
A typical 6-digit code is estimated to take ~11 hours to brute force; however, if using a cloud compute type design (Azure, GCP, AWS), it is estimated that it can take only 2.5 minutes to brute force. The OTP does rotate every 60 seconds, but this does not make it impossible for this brute force to fail.
Running version 0.7.5
Is there a possibility to add rate limiting to the One-time Password to protect against brute force attempts?