You can enable brute force protection as a security measure for your platform. When it is enabled, users with too many failed login attempts are blocked from accessing the platform. By default, brute force protection is disabled in your platform.
How does it work
When brute force protection is enabled, you are immediately blocked after a defined number of failed login attempts. After being blocked, you can:
- Wait until the lockout period expires, and then try to log in again. You are informed of how long you need to wait.
- Request a password reset link and create a new password. This also only works after the lockout period has expired.
- Contact the admins and ask them to manually unlock your account.
Haiilo's brute force protection applies solely to users logging in locally with a username and password. It does not extend to users signing in via an authentication provider. To ask about brute force protection for your authentication provider, reach out to your company's IT department.
Enable brute force protection
You need the "Manage security and privacy" permission to enable brute force protection.
- Go to Administration > Security & Privacy > Brute force protection.
- Check Activate brute force protection.
- Define how many failed attempts are allowed before the user is blocked.
- Define how long incorrect attempts are remembered. If left empty, attempts are remembered until the next correct login.
- Specify the duration of the blocking period in minutes. The maximum blocking period is 24 hours, so the input accepts values from 1 to 1440 (1440 minutes = 24 hours). If you leave it blank, it defaults to 24 hours. After the blocking period ends, the user can try logging in again.
- Select Save.
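To see how the three settings interact before choosing values, the following added example models them in Python. It is not Haiilo's code: the class and method names, the minute-based timestamps, blocking on the attempt that reaches the configured number, and clearing the counter once a lockout expires are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_BLOCK_MINUTES = 1440  # 24 hours, the maximum stated on this page

@dataclass
class LockoutPolicy:               # hypothetical model of the three settings
    max_failed: int                         # failed attempts before blocking
    remember_minutes: Optional[int] = None  # None = until next correct login
    block_minutes: Optional[int] = None     # None (blank) = 24 hours

    def __post_init__(self):
        if self.block_minutes is None:
            self.block_minutes = MAX_BLOCK_MINUTES
        if not 1 <= self.block_minutes <= MAX_BLOCK_MINUTES:
            raise ValueError("blocking period must be 1 to 1440 minutes")

@dataclass
class Account:
    policy: LockoutPolicy
    failures: list = field(default_factory=list)  # minutes of failed logins
    blocked_until: Optional[int] = None

    def login(self, now: int, password_ok: bool) -> str:
        """Return 'ok', 'failed' or 'blocked' for an attempt at minute `now`."""
        if self.blocked_until is not None:
            if now < self.blocked_until:
                return "blocked"       # a correct password is refused too
            self.blocked_until = None  # lockout period has expired
            self.failures.clear()      # assumption: counter starts fresh
        if password_ok:
            self.failures.clear()      # correct login resets the counter
            return "ok"
        window = self.policy.remember_minutes
        if window is not None:         # forget failures older than the window
            self.failures = [t for t in self.failures if now - t < window]
        self.failures.append(now)
        if len(self.failures) >= self.policy.max_failed:
            self.blocked_until = now + self.policy.block_minutes
            self.failures.clear()
            return "blocked"           # this attempt triggered the block
        return "failed"

    def admin_unlock(self) -> None:
        """Manual unlock by an admin, one of the options listed above."""
        self.blocked_until = None
        self.failures.clear()
```

With a remember window set, slow guessing spread over a longer time than the window never reaches the threshold, so leaving that field empty is the stricter choice.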