Log / alert on too many failing logins / Throttling login attempts
Open, Medium, Public

Description

We'll probably always have users without a second factor (as the identity management will also apply to users who only want to log into wikitech), so we should investigate options to alert on failing logins (password probing).

In addition, CAS supports throttling of connections and throttling for failed connections, which we should investigate.
https://apereo.github.io/cas/6.0.x/installation/Configuring-Authentication-Throttling.html
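
One way to prototype the alerting side of this task, as an added example that is not part of the original task or of CAS: a sliding-window counter over failed logins, keyed by source IP and by username, so that probing spread across many accounts from one address is caught as well as repeated failures on one account. The log format, threshold and window are assumptions; real CAS audit output would need its own parser.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (assumed format: ISO timestamp, result, user, source IP).
SAMPLE_LOG = """\
2020-01-10T09:00:00 FAIL alice 198.51.100.7
2020-01-10T09:00:05 FAIL bob 198.51.100.7
2020-01-10T09:00:09 FAIL carol 198.51.100.7
2020-01-10T09:00:12 FAIL dave 198.51.100.7
2020-01-10T09:00:30 FAIL erin 203.0.113.9
2020-01-10T09:01:00 OK erin 203.0.113.9
2020-01-10T09:20:00 FAIL alice 198.51.100.7
"""

def parse(line):
    """Split one line of the assumed format into typed fields."""
    ts, result, user, ip = line.split()
    return datetime.fromisoformat(ts), result, user, ip

def detect(lines, threshold=4, window=timedelta(seconds=60)):
    """Return alerts (key_type, key, time, count) raised when failures for
    one source IP or one username reach `threshold` inside `window`."""
    recent = defaultdict(deque)  # (key_type, key) -> failure timestamps in window
    active = set()               # keys already alerting, to avoid repeat alerts
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, result, user, ip = parse(line)
        if result != "FAIL":
            continue
        for key in (("ip", ip), ("user", user)):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in active:
                active.add(key)
                alerts.append((key[0], key[1], ts, len(q)))
            elif len(q) < threshold:
                active.discard(key)     # burst ended; re-arm this key
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

In the sample, no single username fails more than once inside the window, so only the per-IP counter fires.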