• Alan Bonnici
    0
    Hello,

    I would like to suggest an optional switch that prevents brute force attacks:

    * Tar pits - After each successive failure to log in the time for the next attempt increases.
    * Account lock - After a number of failed attempts the account is locked for a period of time
    * Access failure alert - An email is generated when a number of failed attempts take place.

    Hope this helps.
  • Joel
    0
    I like the first two suggestions. I can't imagine email alerts would ever be available other than behind a paywall.
  • Sergey N
    26
    Hello Alan,

    Thank you for suggesting it, from my side I can promise you to bring up those suggestions on our next Dev meeting and maybe they will get onto the development roadmap.



    Perhaps you are right, but there is a slight chance due to the fact that we use Amazon SES and this should be really hard to upkeep.
  • Joel
    0


    I could have worded it differently. I really meant to say "If such a feature could be done at all, it would certainly be behind a paywall.

    That is more of a teamviewer kind of feature. I would hate to see this product turn into a TV clone rather than its own distinct product.

    The other brute force resistant features i would think could strictly be implemented client side and fairly trivial to implement.
  • Sergey N
    26
    Well this is exactly the case where one typo changes the whole point :) Sorry Joel I meant

    and this shouldn't be really hard to upkeep.
bold
italic
underline
strike
code
quote
ulist
image
url
mention
reveal
youtube
tweet
Add a Comment