Add increasingly difficult altcha challenge after multiple failed logins #68

New issue

Closed

opened 2024-12-26 12:04:52 -05:00 by rainbownapkin · 3 comments

rainbownapkin commented

2024-12-26 12:04:52 -05:00

(Migrated from gitlab.com)

While normal logins shouldn't require a altcha challange, even if the user has miss-typed their password once or twice, several failed log in attempts on a single account should.

These altcha challenges should get increasingly computationally difficult until a maximum limit, which should slow down any brute forcing attacker to a crawl. Eventually causing the time to solve to take longer than the time to expire.

Challenge requirements should be reset after either a successful login, or a day after any failed log-ins

While normal logins shouldn't require a altcha challange, even if the user has miss-typed their password once or twice, several failed log in attempts on a single account should. These altcha challenges should get increasingly computationally difficult until a maximum limit, which should slow down any brute forcing attacker to a crawl. Eventually causing the time to solve to take longer than the time to expire. Challenge requirements should be reset after either a successful login, or a day after any failed log-ins

rainbownapkin commented

2024-12-26 12:04:52 -05:00

(Migrated from gitlab.com)

added #35 as parent issue

rainbownapkin commented

2024-12-26 12:11:04 -05:00

(Migrated from gitlab.com)

changed the description

rainbownapkin (Migrated from gitlab.com) closed this issue

2024-12-26 17:53:34 -05:00

rainbownapkin commented

2024-12-26 17:53:35 -05:00

(Migrated from gitlab.com)

Basic bruteforce detection added, 5 failed logins now requires increasingly difficulty captcha, 200 failed logins locks out user account: 9c18c23ad5

Basic bruteforce detection added, 5 failed logins now requires increasingly difficulty captcha, 200 failed logins locks out user account: 9c18c23ad566199e394e0fc37ba625bfe03ee062