Re: Limit Number of Unsuccessful Logins #suggestion


Mike Hanauer
 

So glad to hear there is a limit. Should it be lowered? Since I never reached it, my guess is yes. 

Consider Better, not Bigger. So many advantages. Just ask. USA adds a Chicago to our overpop each year.
"Still more population growth is not our way to a healthy community, a healthy planet, OR enjoyable cycling."

    ~Mike


On Saturday, March 20, 2021, 06:19:45 PM EDT, Mark Fletcher <markf@corp.groups.io> wrote:


On Sat, Mar 20, 2021 at 3:15 PM Mike Hanauer via groups.io <MGHanauer=yahoo.com@groups.io> wrote:
It appears to me that groups.io has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially, then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

We do indeed have a rate limiter on login requests. I won't say what the current limit is, but perhaps I should lower it.

Mark
