moderated Limit Number of Unsuccessful Logins #suggestion

Mike Hanauer

It appears to me that has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

If true, I would suggest a limit of 4 or 5. After that, perhaps validate via an email or some other method.


Join to automatically receive all group messages.