Auth0 should have a setting that allows us to configure the number of attempts per minute from the same IP.
50 sign up attempts is too huge so I want to make it like 10 sign ups.
100 failed login attempts is too huge as well. I want to make it like 10 failed login attempts.
Well, the default setting doesn’t allow this, but maybe in some special circumstances some customization can be provided. @konrad.sopala Please respond if it is possible.
10 is only for failed login attempts. It’s not possible to customise the experience. In that case I encourage you to file a feature request for our product team. You should be contacted by one of our product managers within 10 business days. Make sure to provide the whole context about your use case.
There’s no definite answer to that. It lands in product backlog and then is distributed to appropriate team. The faster it gets implemented the more people advocate for it.
We have similar needs where our SOC2 compliance auditor required us to block the user after 5 failed attempts (not 10). I am wondering if the Enterprise license provides more access to control that policy since the Enterprise license is SOC2 compliant.
The question that was not answered there was how to obtain the information that the current attempted failed login was the nth consecutive occurrence so we can take action in the rule.