Haiilo offers brute force protection, which ensures that users with too many failed login attempts are blocked. Enabling this feature is a protection mechanism against hacker attacks. By default, brute force protection is disabled in your Haiilo platform.
When brute force protection is enabled, a user is immediately blocked after entering a set amount of attempts. The user can:
- Wait until the lockout period expires and then try to log in again. The user is informed of how long they must wait.
- Request a reset password link and create a new password. This also only works after the lockout period has expired.
- Contact the admins and ask them to manually unlock the account.
Enable brute force protection
To enable brute force protection, you require the "Access to administration" and "Management of security settings" permissions.
- Go to Administration > Security > Brute force protection.
- Check Activate brute force protection
- Set how many failed attempts are allowed before the user is blocked.
- Set how long incorrect attempts are remembered. If left empty, attempts are remembered until the next correct login.
- Set how long the blocking period should last. If left empty, the user remains locked until he is unlocked by an admin.
- Select Save
Unblock a user
An admin can view a list of all blocked users from Administration > Security > Brute force protection. To unblock a user, select the three dots in the row followed by Unblock.