I'm curious how the DEV developers (those interested in security) here would prevent malicious login attempts.
If an IP (e.g: 127.0.0.1) had failed to authenticate 3 or more times within a 12 hour period, block any further login attempts for 24 hours. This is global, this IP may not attempt to login to any accounts, not just that one account.
If 3 or more IPs have exceeded the 3 failed attempts on a specific account, all IPs are required to supply the federated account, on that specific account.
During those 24 hours of "blocked" login attempts, they are required to supply the account's federated account, such as an email (e.g: firstname.lastname@example.org).
If they supply the correct federated account, email in this case, the server will send a special randomly generated link to that email that temporarily lets you bypass the blocked login attempts.
That link is valid for a short amount of time, e.g: 5-15 minutes.
You provide your credentials and you're logged in. However if the credentials are invalid twice, set a cool-down time of 60 minutes before another link may be sent.
If the attacker has access to your email, then you have a lot more problems. But this thwarts brute-force attacks directly against your credentials, while still being able to gain access to your account.
Remember, the goal is to prevent malicious third-parties from attempting to gain access to the account, while not blocking access for the actual people.
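An added example (not from the post above) sketching these rules in Python: the per-IP lockout after 3 failures in 12 hours, the federated-login requirement on an account once 3 IPs have hit that limit, a short-lived single-use bypass link, and the 60-minute cool-down after two bad credential attempts on a link. The account table, IPs and timestamps are constructed; `password_ok` stands in for whatever credential check the application already has.

```python
# Added example: in-memory sketch of the throttling rules from the post (constructed data).
import secrets

FAIL_WINDOW, FAIL_LIMIT, BLOCK = 12 * 3600, 3, 24 * 3600  # 3 failures in 12 h -> 24 h block
LINK_TTL, LINK_TRIES, COOLDOWN = 10 * 60, 2, 60 * 60      # link lives 10 min; 2 bad tries -> 60 min cool-down
ACCOUNTS = {"alice": "firstname.lastname@example.org"}    # constructed: account -> federated email

class LoginThrottle:
    def __init__(self):
        self.fails = {}           # ip -> failure timestamps inside FAIL_WINDOW
        self.blocked_until = {}   # ip -> time the global block ends
        self.cooldown_until = {}  # ip -> time a new link may be requested
        self.hit_limit = {}       # account -> IPs that exceeded FAIL_LIMIT on it
        self.links = {}           # token -> {"ip", "account", "exp", "bad"}

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def needs_federated(self, account):  # 3+ IPs hit the limit: everyone must supply the federated account
        return len(self.hit_limit.get(account, ())) >= 3

    def record_failure(self, ip, account, now):
        window = [t for t in self.fails.get(ip, []) if now - t < FAIL_WINDOW] + [now]
        self.fails[ip] = window
        if len(window) >= FAIL_LIMIT:
            self.blocked_until[ip] = now + BLOCK
            self.hit_limit.setdefault(account, set()).add(ip)

    def request_link(self, ip, account, supplied_email, now):
        # Only a blocked IP that knows the account's federated email gets a token (caller emails it).
        if not self.is_blocked(ip, now) or self.cooldown_until.get(ip, 0) > now:
            return None
        expected = ACCOUNTS.get(account)
        if expected is None or not secrets.compare_digest(expected, supplied_email):
            return None
        token = secrets.token_urlsafe(32)
        self.links[token] = {"ip": ip, "account": account, "exp": now + LINK_TTL, "bad": 0}
        return token

    def login_via_link(self, token, ip, password_ok, now):
        link = self.links.get(token)
        if link is None or link["ip"] != ip or now > link["exp"]:
            self.links.pop(token, None)  # unknown, wrong IP or expired: discard
            return False
        if password_ok:
            del self.links[token]        # single use
            return True
        link["bad"] += 1
        if link["bad"] >= LINK_TRIES:    # two bad credential attempts: revoke link, start cool-down
            del self.links[token]
            self.cooldown_until[ip] = now + COOLDOWN
        return False
```

Real deployments would keep this state in shared storage rather than process memory so the counters survive restarts and apply across all servers.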