DEV Community

DEV Community is a community of 555,288 amazing developers

We're a place where coders share, stay up-to-date and grow their careers.

Create new account Log in
loading...

Discussion on: Do password rules impact security?

View post Full discussion

Replies for: Great, so now you can ban any user you want my spamming requests to the password endpoint so they get temporarily banned.

Collapse
antonfrattaroli profile image
Anton Frattaroli

Can rate limit by ip address as well as by user. Could also leverage machine learning to detect anomalies in auth rate.

Thread Thread
perttisoomann profile image
Pert Soomann

IP limiter is another good option too yes.

Also, you don't have to email user that their account has been suspended for 15 minutes every single time.