2013-03-13, 07:54:54
I want to implement some brute force protection for our logins.
I was thinking we could add a captcha after x many failed logins.
This makes it alot easier to handle than doing throttling delays which can open you up to dos attacks. Also avoid us having to do account locking which also can be a dos against a user.
Anyone have experience with captchas ?
I was thinking we could add a captcha after x many failed logins.
This makes it alot easier to handle than doing throttling delays which can open you up to dos attacks. Also avoid us having to do account locking which also can be a dos against a user.
Anyone have experience with captchas ?