Brute Force?

  • Resolved shirtguy72

    (@shirtguy72)


    5 years, 3 months ago

    Just installed and working fine I guess…I did however test by entering wrong code 5 or six times…That brought me to question, does this plugin limit failed login attempts? I do have such a plugin active on site and it seems to be nullified by Two Factor Authentication

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author David Anderson

    (@davidanderson)

    Hi,

    No, there is no ‘limit attempts’ functionality; the nature of TOTP is that there are 1,000,000 possible codes and the correct one changes every 30 seconds. The server admin is going to notice someone trying to brute-force that a long time before they succeed; Microsoft research say that using TFA blocks 99.9% of automated attacks – https://www.zdnet.com/article/microsoft-using-multi-factor-authentication-blocks-99-9-of-account-hacks/ . But if you want to supplement it with something else, that’s not a problem – but you’ll need to report any malfunctions in that something else to its author, because it’s not possible to guess from here why something else might not be working correctly.

    David

    Thread Starter shirtguy72

    (@shirtguy72)

    Understood, resolved, thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Brute Force?’ is closed to new replies.