this post was submitted on 04 Jul 2025
5 points (100.0% liked)

Lemmy

13648 readers
3 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 5 years ago
MODERATORS
nutomic@lemmy.ml
5
[Suggestion] Enhance Security by Blocking Logins After Multiple Failed Attempts. (reddthat.com)
submitted 1 week ago by Pro@reddthat.com to c/lemmy@lemmy.ml
4 comments fedilink hide all child comments
 

Problem

Currently, anyone can attempt to brute-force user passwords almost effortlessly, even without advanced technical knowledge.

Proposed Feature

Introduce a setting that activates after a configurable number of failed login attempts. Users could choose to:

  • Block all further login attempts and automatically send a password reset email
  • Temporarily block login for a set duration (for example, 10 minutes)

Implementation

Once the failed-attempt threshold is reached, the system applies the user’s chosen block option. The counter resets upon successful login or after completing a password reset.

Benefits

This approach makes large-scale brute-force attacks impractical and takes a proactive step toward stronger account security.

~Rewritten with the help of AI for better formatting and clarity.~

you are viewing a single comment's thread
view the rest of the comments
[–] nokturne213@sopuli.xyz 1 points 1 week ago (2 children)

Enable 2fa

[–] Pro@reddthat.com 1 points 1 week ago

2FA cannot be applied in mass, while what I am talking about can.

Overall, this is as I said a proactive step to ensure the whole Lemmyverse stay secure.

load more comments (1 replies)