Failed Login Attempts Limit (Lock)

Question

Failed Login Attempts Limit (Lock)

Opened this issue 9 years ago · 3 comments

Lock the user’s account after a certain number of failed attempts (30 mins, 1 hour & so on).

If Encryptr doesn't have plan for this yet, i think it's a good idea to include this feature for added layer of protection/security.

Plus, "camera capture" on failed login attempts limit is a good addition.

Answer 1 · 2015-10-26T00:03:30.000Z

Agreed that Encryptr needs this. We’ll look into it for a 3.0 release.

Answer 2 · 2015-10-26T00:33:46.000Z

Thanks @helveticade. Yes it is a must feature. Great, this is a nice progress. Thanks!

Answer 3 · 2017-08-08T16:20:09.000Z

IMHO, this is the most serious issue with Encryptr right now. Given that users are encouraged to enter site URLs, usernames, passwords, credit card details, etc. and put them in a publicly accessible location, it seems crazy that anyone can make multiple attempts to gain access to such an account without any restriction or limitation, and without the owner of the account being notified.

Some form of 2FA/MFA (as outlined in issue #123) would go a long way to address this, but wouldn't remove the requirement to at least delay a potential intruder.