[keycloak-dev] Brute force attack protection
Bill Burke
bburke at redhat.com
Fri Mar 14 13:40:15 EDT 2014
The only good way to protect against brute force attacks is CAPTCHA or
IP Address ACLs. If you implement a delay, you can just have a
multi-threaded attack. If you disable the account after a number of
failed attempts, then you can have a DoS attack and bring down the whole
site.
On 3/14/2014 11:49 AM, Bill Burke wrote:
> FYI Working on Brute force login attack protection today. Last thing
> I'll do until I spend a week on Resteasy.
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
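Added example, not part of the original message and not Keycloak code: a small simulation of the trade-off the message describes, comparing lockout keyed on the account with blocking keyed on the source IP. The class names, the threshold of 3, the sample user and the addresses are all assumptions made for illustration.

```python
from collections import defaultdict

MAX_FAILURES = 3  # assumed threshold, chosen for illustration only


class AccountLockout:
    """Disable an account after MAX_FAILURES failed logins, whatever the source."""

    def __init__(self, passwords):
        self.passwords = passwords
        self.failures = defaultdict(int)  # keyed by username

    def login(self, user, password, ip):
        if self.failures[user] >= MAX_FAILURES:
            return "locked"  # even the correct password is refused
        if self.passwords.get(user) == password:
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        return "denied"


class IpBlocklist:
    """Refuse a source IP after MAX_FAILURES failed logins from that IP."""

    def __init__(self, passwords):
        self.passwords = passwords
        self.failures = defaultdict(int)  # keyed by source address

    def login(self, user, password, ip):
        if self.failures[ip] >= MAX_FAILURES:
            return "blocked"  # only the offending source is refused
        if self.passwords.get(user) == password:
            return "ok"
        self.failures[ip] += 1
        return "denied"


def replay(policy_cls):
    """Replay constructed events: failed logins from one IP, then the real user."""
    policy = policy_cls({"alice": "correct horse"})  # constructed sample account
    noisy_ip, owner_ip = "203.0.113.7", "198.51.100.20"  # documentation ranges
    burst = [policy.login("alice", f"guess{i}", noisy_ip) for i in range(5)]
    owner = policy.login("alice", "correct horse", owner_ip)
    return burst, owner


if __name__ == "__main__":
    for cls in (AccountLockout, IpBlocklist):
        print(cls.__name__, replay(cls))
```

Under the account-keyed policy the legitimate owner is refused along with the failing source, which is the denial-of-service effect the message refers to; under the IP-keyed policy only the failing source is refused.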