Hi everyone, I just asked in this thread for the feature of blocking the user after 3 attempts of login
You can see there that anomaly detection is not the answer and the feature is not yet implemented.
I just think that maybe the social connection has that feature implemented. Does anyone know about the possibility of blocking the user when trying to login many times using incorrect password?
Anomaly detection is the closest to what you are looking for.
It blocks the user only after 10 attempts (not 3) and is based on IP addresses because if it just used the email address it would be very easy to do a DOS attack on a user (i.e. I can try your email address with an invalid password from my browser and block your account easily).
In the case of social connections, Auth0 delegates the authentication process to the social provider, so it’s their call on how to handle these type of attacks.