Re: Brute force attacks

2011-03-06 Thread Paul McMillan
I go back and forth on this issue. Unlike CSRF, there's never going to be a one-size-fits-all solution for this type of problem. Different organizations have widely varying requirements, and while I prefer rate limits, that won't satisfy the auditor whose checklist requires permanent lockout after

Re: Brute force attacks

2011-03-06 Thread Rohit Sethi
Ok, we'll go ahead with researching this. Expect to hear back from us within the next 2-3 weeks (if not this upcoming week)

Thanks,
Rohit

On Mar 5, 8:40 am, Rohit Sethi wrote:
> Hi Russell, here are my thoughts on your points:
>
> 1. I do believe there should be something