
Authentication cheat sheet

Open jmanico opened this issue 3 years ago • 3 comments

We're not discussing login throttling as a way to stop detected automated login attacks, and yet, this is the most important defense.

jmanico avatar Apr 13 '22 16:04 jmanico

You are talking about this section https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md#protect-against-automated-attacks ?

sergiomarotco avatar Apr 14 '22 01:04 sergiomarotco

Yes, this section

mackowski avatar Apr 15 '22 08:04 mackowski

@sergiomarotco do you want to work on this?

mackowski avatar Jun 13 '22 09:06 mackowski

I'd like to work on this. I should be able to get a PR in sometime this week. Can you please assign it to me?

szh avatar Nov 01 '22 13:11 szh

We already have a section on Account Lockout. Can you elaborate on how login throttling is different?

szh avatar Nov 08 '22 19:11 szh

@jmanico do you think that we should add something more than Account Lockout?

mackowski avatar Nov 21 '22 13:11 mackowski

The section: Account Lockout under the countermeasures of Automated attacks already explains the possible login throttling methods. What we can do is change the name to Login throttling. @jmanico & @mackowski I guess this can be the possible PR.

suyash5053 avatar Jan 18 '23 18:01 suyash5053

Yes, we can add 'Login throttling' to make it easier to search

mackowski avatar Jan 24 '23 08:01 mackowski