Re: Limit Number of Unsuccessful Logins #suggestion


On Sat, Mar 20, 2021 at 3:15 PM Mike Hanauer via <> wrote:
> It appears to me that has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

We do indeed have a rate limiter on login requests. I won't say what the current limit is, but perhaps I should lower it.


