Allow us to configure the default triggers of Brute Force Detection!

Please allow us to configure the default triggers of Brute Force Detection!

The following triggers are insane!

A trigger occurs when there are 100 failed login attempts from one IP address using different usernames with incorrect passwords in 24 hours.

Another trigger occurs if there are 50 sign up attempts per minute from the same IP address.

I want 10 failed login attempts from one IP and the same thing on sign up.

Hi @aj1337,

Welcome to the Community

See the following documentation on brute force. Please note that the default configuration for brute force cannot be changed; however, you can enable/disable the blocking feature.
https://auth0.com/docs/anomaly-detection/references/brute-force-protection-triggers-actions


Yep that is correct.

This is not the solution I am looking for :frowning:

Auth0 should have a setting that allows us to configure the number of attempts per minute from the same IP.

50 sign up attempts is too huge so I want to make it like 10 sign ups.
100 failed login attempts is too huge as well. I want to make it like 10 failed login attempts.

Well, the default setting doesn't allow this, but maybe in some special circumstances some customization can be provided.
@konrad.sopala Please respond if it is possible.

10 is only for failed login attempts. It's not possible to customise the experience. In that case I encourage you to file a feature request for our product team. You should be contacted by one of our product managers within 10 business days. Make sure to provide the whole context about your use case.

Here’s the form:


And how long would it take for Auth0 to implement this if I request this feature?

There's no definite answer to that. It lands in the product backlog and is then distributed to the appropriate team. The more people advocate for it, the faster it gets implemented.

Hi,

We have similar needs where our SOC2 compliance auditor required us to block the user after 5 failed attempts (not 10). I am wondering if the Enterprise license provides more access to control that policy, since the Enterprise license is SOC2 compliant.

There is also a discussion in another thread, "Detect invalid login attempts and lock user in a rule" (#6 by mgreene), about a custom rule to address similar needs.

The question that was not answered there was how to obtain the information that the current failed login attempt was the nth consecutive occurrence, so we can take action in the rule.

Thanks