Clarification on brute force protection velocity

Hi there,

In the docs on Attack protection, there is a summary about brute force protection that I think is a bit unclear:

Brute-force Protection: **Velocity** of login attempts from an IP for a particular account. Detects when a bad actor tries to log in to an account too many times within a period of time.

As velocity is change over time, I think the missing piece of information here is what period of time the login attempts are measured over. As far as I’m aware, the threshold of attempts can be configured, but not the time period, so it would be useful to know what the default time window is.

I saw in another community topic that “The incorrect attempt count reset will be triggered only after the user has successfully logged in”, so this implies that the time window is actually infinite - i.e. it doesn’t matter how long the user takes, but if they consecutively fail to log in up to the threshold number of attempts, they will be blocked regardless of the time period.

Could you clarify what the time period is?

Many thanks,
Jo

Hi @jo.humphrey,

The 30 day limit for blocks should also apply to the failed attempt counts. i.e. 30 day period for failed attempts.

Hope that helps!

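To make the two readings discussed above concrete (a sliding window of failed attempts versus an "infinite" window that only a successful login resets), here is an added illustration in Python. It is not Auth0's implementation and not code from either poster; the class name `BruteForceGuard`, the `threshold` and `window_seconds` parameters, the injectable clock, and the sample IP/account values are all assumptions made for the example. The counter is keyed on the (IP, account) pair, which is the scope the quoted docs describe.

```python
"""Hypothetical per-(IP, account) failed-login counter (example, not Auth0's code).

window_seconds=THIRTY_DAYS models the reply above (failures age out after 30 days);
window_seconds=None models the 'infinite' reading, where only a successful login
clears the count.
"""
import time
from collections import defaultdict
from typing import Callable, Optional

THIRTY_DAYS = 30 * 24 * 60 * 60  # seconds


class BruteForceGuard:
    def __init__(self, threshold: int = 10,
                 window_seconds: Optional[float] = THIRTY_DAYS,
                 clock: Optional[Callable[[], float]] = None):
        self.threshold = threshold
        self.window = window_seconds            # None -> never expire failures
        self.clock = clock or time.monotonic    # injectable for deterministic tests
        self._failures: dict[tuple[str, str], list[float]] = defaultdict(list)

    def _prune(self, key: tuple[str, str], now: float) -> None:
        # Drop failures older than the window; with an infinite window keep everything.
        if self.window is None:
            return
        cutoff = now - self.window
        self._failures[key] = [t for t in self._failures[key] if t > cutoff]

    def is_blocked(self, ip: str, account: str) -> bool:
        # Call this BEFORE verifying credentials: a blocked pair must be rejected
        # outright, otherwise the attacker keeps guessing while "blocked".
        key = (ip, account)
        self._prune(key, self.clock())
        return len(self._failures[key]) >= self.threshold

    def record_failure(self, ip: str, account: str) -> bool:
        """Record one failed attempt; return True if the pair is now blocked."""
        key = (ip, account)
        now = self.clock()
        self._prune(key, now)
        self._failures[key].append(now)
        return len(self._failures[key]) >= self.threshold

    def record_success(self, ip: str, account: str) -> None:
        # Matches the thread: a successful login resets the failed-attempt count.
        self._failures.pop((ip, account), None)


class FakeClock:
    """Constructed clock so the scenarios below run instantly and offline."""
    def __init__(self, start: float = 0.0) -> None:
        self.t = start

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def scenario_sliding_window() -> dict:
    """30-day window: old failures age out, success resets, scope is per IP+account."""
    clock = FakeClock()
    g = BruteForceGuard(threshold=3, window_seconds=THIRTY_DAYS, clock=clock)
    ip, acct = "203.0.113.5", "jo"   # constructed sample values
    out = {}
    g.record_failure(ip, acct)
    g.record_failure(ip, acct)
    out["after_two"] = g.is_blocked(ip, acct)                  # False: below threshold
    clock.advance(THIRTY_DAYS + 1)                             # first two failures expire
    out["third_after_window"] = g.record_failure(ip, acct)     # False: only 1 in window
    g.record_failure(ip, acct)
    out["blocked_now"] = g.record_failure(ip, acct)            # True: 3 within window
    out["other_ip_blocked"] = g.is_blocked("198.51.100.9", acct)  # False: different IP
    g.record_success(ip, acct)
    out["after_success"] = g.is_blocked(ip, acct)              # False: counter cleared
    return out


def scenario_infinite_window() -> dict:
    """Infinite window: failures never expire, however slowly they arrive."""
    clock = FakeClock()
    g = BruteForceGuard(threshold=3, window_seconds=None, clock=clock)
    ip, acct = "203.0.113.5", "jo"
    g.record_failure(ip, acct)
    g.record_failure(ip, acct)
    clock.advance(365 * 24 * 60 * 60)                          # a year later
    return {"blocked_after_year": g.record_failure(ip, acct)}  # True


if __name__ == "__main__":
    print(scenario_sliding_window())
    print(scenario_infinite_window())
```

The practical point of the two scenarios: with a finite window, the failure count is only meaningful relative to when it is read, so `is_blocked` has to prune before comparing against the threshold; with `window_seconds=None` the count is monotonic until a success, which is the behaviour the other community topic quoted by Jo would imply.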
