Allow us to config the default triggers of Brute Force Detection!

aj1337 · February 28, 2020, 11:50pm

Please allow us to config the default triggers of Brute Force Detection!

The following triggers are insane!

A trigger occurs when there are 100 failed login attempts from one IP address using different usernames with incorrect passwords in 24 hours.

Another trigger occurs if there are 50 sign up attempts per minute from the same IP address.

I want 10 failed login attempts from one IP and the same thing on sign up.

rashid779939 · March 1, 2020, 12:55pm

Hi @aj1337,

Welcome to the Community

See following documentations for brute force. Please note the default configurations for brute force cannot be changed however you can enable/disable the blocking feature.
https://auth0.com/docs/anomaly-detection/references/brute-force-protection-triggers-actions

konrad.sopala · March 2, 2020, 8:22am

Yep that is correct.

aj1337 · March 2, 2020, 8:31am

This is not the solution I am looking for

Auth0 should have a settings that allows us to configure the number of attempts per minute from the same IP.

50 sign up attempts is too huge so I want to make it like 10 sign ups.
100 failed login attempts is too huge as well. I want to make it like 10 failed login attempts.

rashid779939 · March 2, 2020, 9:55am

Well, the default setting doesn’t allow this but may be in some special circumstances some customization can be provided.
@konrad.sopala Please respond if it is possible.

konrad.sopala · March 2, 2020, 10:49am

10 is only for failed login attempts. It’s not possible to customise the experience. In that case I encourage you to file a feature request for our product team. You should be contacted by one of our product managers within 10 business days. Make sure to provide whole context about your usecase.

Here’s the form:

aj1337 · March 2, 2020, 11:13am

And how long would it take for Auth0 to implement this? if I request this feature?

konrad.sopala · March 2, 2020, 12:11pm

There’s no definite answer to that. It lands in product backlog and then is distributed to appropriate team. The faster it gets implemented the more people advocate for it.

ramzij · April 23, 2020, 7:46pm

Hi,

We have similar needs where our SOC2 compliance auditor required us to block the user after 5 failed attempt (not 10). I am wondering if Enterprise license provide more access to control that policy since Enterprise license is SOC2 compliance.

There is also a discussion in another thread Detect invalid login attempts and lock user in a rule - #6 by mgreene about a custom rule to address similar needs.

The question that was not answered there was how to obtain the information that the current attempted failed login was the nth consecutive occurrence so we can take action in the rule.

Thanks

Topic		Replies	Views
Detect invalid login attempts and lock user in a rule Help	7	10085	September 3, 2019
Block ip once after 5 incorrect logins in 10 minutes Help login	5	3729	August 26, 2019
Trying to unsuccessfully login 20 times doesn't throw too_many_attempts exception anymore? Help auth0 , too_many_attempts-no , brute-force	11	4531	April 13, 2021
Block user after 3 attempts of login Help login	7	7522	May 22, 2019
Lock user after X attempts of login and unlock after a set Time Help	2	9213	January 26, 2023

Allow us to config the default triggers of Brute Force Detection!

Related topics