Brute Force Protection Settings

From PeepSo Docs
Jump to: navigation, search

Starting from Peepso 1.10.5, we added new feature "Brute Force Protection" which it can prevent your site from password cracking and set your login site security in the high level. This feature is fully configurable as you get the following options in the Backend > PeepSo > Configuration > Advanced > Security > Login security:

Peepso Docs - Bruto Force Password Protection.png

Minimum password length

The above was introduced as a setting after a user pointed out on our registration there’s just a simple 6 character password being required. We made this configurable with a new default minimum of at least 10 characters per password.

The minimum password length is a new feature and not really related directly to the brute force settings. Nevertheless, it is related to login security. It doesn’t matter whether the brute force protection is enabled or not, the minimum password length setting is self-contained.

Enable login brute force protection

Enable login brute force protection feature

Block login after

Maximum failed attempts allowed.

Block for

hours:minutes - how long to block login attempts after the above limit is reached.

Email Notification

Send an e-mail notification to the user, warning them about failed login attempts.

Enable additional block after

Additional security when users block themselves repeatedly.

Additional block length

How long to block login attempts when additional security is triggered.

Reset retries after

How long it takes for the system to "forget" about a failed login attempt.