Idea #119: Missing admin interface brute force protection

Written by iboguev on 15 Mar 10 at 07:41. Related project: 1.x all. Status: New
Rationale
Hi,

I am using LimeSurvey to capture and store some relatively sensitive/interesting data. I am a bit concerned that the application doesn't provide (as far as I am aware) any built-in features that will discourage potential admin login brute force attacks.
Tags: Security

Votes: 1
Solution #1: Security Enhancement - admin interface brute force protection
Written by iboguev on 15 Mar 10 at 07:41.
It would be great if some sort of brute force admin interface password guessing prevention mechanism is put in place. An example would be to have the attacked account locked out for X minutes after a number of failed authentication attempts are detected.

Or the authentication process can be automatically delayed by XX seconds if a brute force attack is detected. This will be enough to slow down an attacker to a level where the brute force attack would not be feasible. This can be combined with password complexity rules and will have minimal user impact.

An additional feature can be to send an email alert to the admin if a brute force attack is detected.
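
A sketch of the lockout, delay and alert scheme proposed above, added here as an illustration; it is not LimeSurvey code. The class name, parameters, thresholds and the in-memory store are assumptions, and a real deployment would persist the state and track only accounts that exist.

```python
import time

class LoginThrottle:
    """Per-account failed-login tracking: growing delay, then temporary lockout."""
    def __init__(self, max_failures=5, lockout_seconds=600, delay_step=2.0,
                 alert=None, clock=time.monotonic):
        self.max_failures = max_failures        # failures before lockout
        self.lockout_seconds = lockout_seconds  # the "X minutes" lockout
        self.delay_step = delay_step            # extra delay per failure
        self.alert = alert or (lambda account, failures: None)
        self.clock = clock
        self._state = {}  # account -> (consecutive failures, locked_until)

    def check(self, account):
        """Call before verifying the password. Returns (allowed, seconds)."""
        failures, locked_until = self._state.get(account, (0, 0.0))
        now = self.clock()
        if locked_until > now:
            return False, locked_until - now    # locked: seconds remaining
        return True, failures * self.delay_step  # allowed after this delay

    def record(self, account, success):
        """Call after verifying the password for an allowed attempt."""
        failures, _ = self._state.get(account, (0, 0.0))
        if success:
            self._state.pop(account, None)      # reset on a good login
            return
        failures += 1
        if failures >= self.max_failures:
            self._state[account] = (0, self.clock() + self.lockout_seconds)
            self.alert(account, failures)       # e.g. e-mail the admin
        else:
            self._state[account] = (failures, 0.0)

def demo():
    """Constructed run: repeated wrong guesses for 'admin' on a fake clock."""
    now, alerts = [0.0], []
    t = LoginThrottle(max_failures=3, lockout_seconds=300, clock=lambda: now[0],
                      alert=lambda a, n: alerts.append((a, n)))
    seen = []
    for _ in range(4):
        allowed, wait = t.check("admin")
        seen.append((allowed, wait))
        if allowed:
            now[0] += wait                      # stands in for sleeping
            t.record("admin", success=False)
    now[0] += 301                               # lockout window passes
    seen.append(t.check("admin"))
    return seen, alerts
```

The caller is expected to wait the returned number of seconds before verifying the password; `check` does not sleep on its own.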
