Enabling brute force protection

You can enable brute force protection as a security measure and protection mechanism for your platform. Using brute force protection ensures that users with too many failed login attempts are blocked from accessing. By default, brute force protection is disabled in your platform.

When brute force protection is enabled, you are immediately blocked after a defined amount of login attempts. After being blocked, you can:

  • Wait until the lockout period expires, and then try to log in again. You are informed of how long you need to wait.
  • Request a reset password link and create a new password. This also only works after the lockout period has expired.
  • Contact the admins and ask them to manually unlock your account.

Haiilo's brute force protection is only available for users logging in locally with a username and password. It is not available for users logging in using an authentication provider. To inquire about brute force protection in your authentication provider, contact your company's IT department.

Enable brute force protection

You need the "Manage security" permission to enable brute force protection.

  1. Go to Administration > Security > Brute force protection.
  2. Check Activate brute force protection
  3. Define how many failed attempts are allowed before the user is blocked.
  4. Define how long incorrect attempts are remembered. If left empty, attempts are remembered until the next correct login.
  5. Define how long the blocking period should last. If left empty, the user remains blocked indefinitely or until an admin unlocks him.
  6. Select Save

Unblock a user

Admins can view a list of all blocked users in Administration > Security > Brute force protection. From the settings, they can unblock a user or view their profile.

brute force protection.png

Was this article helpful?