moderated Re: Limit Number of Unsuccessful Logins #suggestion

Mike Hanauer

So glad to hear there is a limit. Should it be lowered? Since I never reached it, my guess is yes. 

Consider Better, not Bigger. So many advantages. Just ask. USA adds a Chicago to our overpop each year.
"Still more population growth is not our way to a healthy community, a healthy planet, OR enjoyable cycling."


On Saturday, March 20, 2021, 06:19:45 PM EDT, Mark Fletcher <> wrote:

On Sat, Mar 20, 2021 at 3:15 PM Mike Hanauer via <> wrote:
It appears to me that has no limit on consecutive unsuccessful logins. This leaves the site open to people and bots guessing passwords and, especially then using them on other (often financial) accounts of the user. This is a major web security problem. This can also overwhelm the web servers.

We do indeed have a rate limiter on login requests. I won't say what the current limit is, but perhaps I should lower it.


Join to automatically receive all group messages.