On Thu, May 5, 2016 at 10:02 PM, Omindu Rathnaweera <[email protected]> wrote:
> On Fri, May 6, 2016 at 8:04 AM, Johann Nallathamby <[email protected]> wrote:
>
>> On Fri, May 6, 2016 at 12:09 AM, Prabath Siriwardana <[email protected]> wrote:
>>
>>> Currently, we have a policy to lock the user account after n number of
>>> failed login attempts...
>>>
>>> Can we expand this to support following scenarios...
>>>
>>> 1. Lock the account - and unlock it after n number of minutes
>>
>> This is already available.
>
> An improvement for this functionality would be to increase the lockout
> period with each consecutive failed attempt.
>

Yes.. +1 for doing this too..

> Found [1] & [2] which have some guidelines for preventing brute force
> attacks.
>
> [1] - https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_Brute_Force_Login
> [2] - https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks
>
> Regards,
> Omindu.
>
>>> 2. Present a captcha after n number of failed login attempts
>>
>> This can be done.
>>
>>> 3. Slow down the login response after each failed login attempt
>>> (increasingly)
>>
>> Will have to read up more on this feature.
>>
>> Regards,
>> Johann.
>>
>>> --
>>> Thanks & Regards,
>>> Prabath
>>>
>>> Twitter : @prabath
>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>>
>>> Mobile : +1 650 625 7950
>>>
>>> http://blog.facilelogin.com
>>> http://blog.api-security.org
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Technical Lead & Product Lead of WSO2 Identity Server
>> Governance Technologies Team
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+94777776950*
>> Blog - http://nallaa.wordpress.com
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
> --
> Omindu Rathnaweera
> Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211

--
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena

Mobile : +1 650 625 7950

http://blog.facilelogin.com
http://blog.api-security.org
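As an added illustration of the three scenarios discussed in this thread (not code from WSO2 Identity Server or from any of the participants), here is a small in-memory lockout policy that locks after n failures, grows the lockout window with each consecutive lockout, asks for a captcha once a failure threshold is reached, and slows the response increasingly per failure. The class names, thresholds and the dict-backed state are all assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass
class AccountState:
    failures: int = 0          # consecutive failures since the last success or lockout
    lockouts: int = 0          # consecutive lockouts; drives the growing lockout window
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


@dataclass
class LockoutPolicy:
    # All thresholds below are assumed values for the example, not product defaults.
    max_failures: int = 3             # n failed attempts before the account is locked
    base_lock_seconds: float = 60.0   # the first lockout lasts this long
    lock_multiplier: float = 2.0      # each consecutive lockout multiplies the window
    max_lock_seconds: float = 3600.0  # hard cap so the window cannot grow without bound
    captcha_after: int = 2            # require a captcha from this many failures onwards
    delay_base_seconds: float = 0.5   # added response delay doubles with every failure
    max_delay_seconds: float = 8.0    # cap on the added delay
    accounts: dict = field(default_factory=dict)  # in-memory state, keyed by user name

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def check(self, user: str, now: float) -> dict:
        """Decision before authenticating: locked? captcha needed? how much to slow the response?"""
        s = self._state(user)
        if s.locked_until > now:
            return {"locked": True, "retry_after": s.locked_until - now, "captcha": False, "delay": 0.0}
        delay = 0.0 if s.failures == 0 else min(self.max_delay_seconds, self.delay_base_seconds * 2 ** (s.failures - 1))
        return {"locked": False, "retry_after": 0.0, "captcha": s.failures >= self.captcha_after, "delay": delay}

    def record_failure(self, user: str, now: float) -> dict:
        """Count a failed login and lock the account once it reaches max_failures."""
        s = self._state(user)
        if s.locked_until > now:          # attempts during a lockout are rejected, not counted
            return self.check(user, now)
        s.failures += 1
        if s.failures >= self.max_failures:
            s.lockouts += 1
            window = min(self.max_lock_seconds, self.base_lock_seconds * self.lock_multiplier ** (s.lockouts - 1))
            s.locked_until = now + window
            s.failures = 0                # the failure counter restarts when the lock expires
        return self.check(user, now)

    def record_success(self, user: str) -> None:
        """A successful login clears both the failure counter and the escalating lockout history."""
        self.accounts.pop(user, None)
```

In a real deployment the state would live in a shared store rather than a process-local dict, and the clock would be injected so the policy can be tested against a fixed time.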
