Add captcha on Brute Force

  

My project is using the Dublin Theme, and currently, if you do brute force, after 3 login attempts using wrong credentials, it will prevent you from logging in for 60 minutes. I know it is adjustable from Service Center, but my company's security section wants to add a captcha on the 4th attempt if the user wants to try again, and remove the waiting time. I have already figured out how to use a captcha using reCaptcha from the Forge. Is there a way to do this?

Thanks

Hello Raditya,


Check this KB article. Should answer all your questions.


Cheers

Armando Gomes wrote:

Hello Raditya,



Check this KB article. Should answer all your questions.


Cheers



Thanks for the reply, Armando

I've already mentioned that I know we can customize the waiting time and unblock users if they're blocked in Service Center, but I want to remove the waiting time and use a captcha before the login instead.

Is it possible to do that?

Solution

Hello Raditya,


On the mentioned KB, you have the reference to two site properties: EnableBruteForceProtection and EnableBruteForceProtectionPerIP.

Their description:

EnableBruteForceProtection: If enabled, each login attempt from a user will be validated against the login bruteforce protection mechanism

EnableBruteForceProtectionPerIP: If enabled, each login attempt from an address will be validated against the login bruteforce protection mechanism.


Have you tried disabling these properties? 

Solution

Ah, yes, it works. Sorry, I didn't realize that.

I will keep proposing to the security team that the system's brute force protection be kept turned on, because I believe that's the best practice for now.

Thanks, Armando
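
The policy asked about in this thread, as an added example in Python that is not from any poster or from OutSystems: once the two platform properties are disabled, the application has to count failed logins itself, here per username and per source IP, and require a captcha from the 4th attempt instead of a lockout. `check_password`, `verify_captcha` and the one-hour counting window are assumptions made for the example.

```python
import time
from collections import defaultdict, deque

FREE_ATTEMPTS = 3        # from the thread: captcha is required from the 4th attempt
WINDOW_SECONDS = 3600    # assumption: failures older than this stop counting


class CaptchaGate:
    """Counts failed logins per username and per source IP, mirroring the two
    platform checks (per user, per address), but asks for a captcha instead
    of locking the account."""

    def __init__(self, check_password, verify_captcha, clock=time.time):
        # check_password(user, password) -> bool and verify_captcha(token) -> bool
        # are hypothetical callables supplied by the application.
        self._check_password = check_password
        self._verify_captcha = verify_captcha
        self._clock = clock
        self._failures = defaultdict(deque)   # key -> timestamps of failures

    def _recent(self, key):
        # Drop failures that fell out of the window, then count the rest.
        q, cutoff = self._failures[key], self._clock() - WINDOW_SECONDS
        while q and q[0] < cutoff:
            q.popleft()
        return len(q)

    def captcha_required(self, user, ip):
        return max(self._recent(("user", user.lower())),
                   self._recent(("ip", ip))) >= FREE_ATTEMPTS

    def login(self, user, password, ip, captcha_token=None):
        """Returns 'ok', 'bad_credentials' or 'captcha_required'."""
        if self.captcha_required(user, ip):
            # Verify server-side before touching the password check, so a
            # missing or invalid captcha never yields a password guess.
            if not captcha_token or not self._verify_captcha(captcha_token):
                return "captcha_required"
        if self._check_password(user, password):
            # Clear only the user's count; the IP count ages out on its own.
            self._failures.pop(("user", user.lower()), None)
            return "ok"
        now = self._clock()
        self._failures[("user", user.lower())].append(now)
        self._failures[("ip", ip)].append(now)
        return "bad_credentials"
```

The IP counter is deliberately not reset on a successful login, so one valid account cannot be used to clear the count for guesses against other accounts from the same address.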