moderated Re: Limit Number of Unsuccessful Logins #suggestion


 

On Sat, Mar 20, 2021 at 3:15 PM Mike Hanauer via groups.io <MGHanauer=yahoo.com@groups.io> wrote:
It appears to me that groups.io has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

We do indeed have a rate limiter on login requests. I won't say what the current limit is, but perhaps I should lower it.

Mark

Join main@beta.groups.io to automatically receive all group messages.