moderated Re: Limit Number of Unsuccessful Logins #suggestion
toggle quoted messageShow quoted text
So glad to hear there is a limit. Should it be lowered? Since I never reached it, my guess is yes.
Consider Better, not Bigger. So many advantages. Just ask. USA adds a Chicago to our overpop each year.
"Still more population growth is not our way to a healthy community, a healthy planet, OR enjoyable cycling."
On Saturday, March 20, 2021, 06:19:45 PM EDT, Mark Fletcher <email@example.com> wrote:
It appears to me that groups.io has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.
We do indeed have a rate limiter on login requests. I won't say what the current limit is, but perhaps I should lower it.