moderated Limit Number of Unsuccessful Logins #suggestion


Mike Hanauer
 

It appears to me that groups.io has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

If true, I would suggest a limit of 4 or 5. After that, perhaps validate via an email or some other method.

AllTheBest.

Join main@beta.groups.io to automatically receive all group messages.