I am wondering about the best way to handle blocking computers after users commit 5 wrong login attempts.
I was thinking of doing it by IP, but then I started thinking: what if users were coming through a gateway and shared a common IP? I wouldn’t want to potentially block legitimate users because someone else on the same network is entering incorrect data.
Cookies are another option, but users can clear them from the browser, so I think they would be very ineffective.
Can anyone give me any more ideas on this, please?
Thanks Mic
I’ll do something like:
If the user commits 5 wrong login attempts:
Block the user’s login for 15 [xxx] minutes (so if he tries again, even with the correct password, it won’t work)
Add a captcha control, so other users can log in without problems…
I’ll do that by IP and Username…
Simply save in the database the timestamp of the last wrong attempt followed by the incremental value of wrong attempts.
Then if he tries to log in before a determined time (let’s assume 15 mins) from the last wrong attempt and:
the incremental value is lower than the max login attempts, simply update the incremental value +1 and the timestamp with the new timestamp;
the incremental value is equal (or higher), you block the login attempt and increment the timestamp with the new timestamp.
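The counter-plus-timestamp scheme from the answer above, as an added example that is not code from the thread: lockout is keyed on (username, IP) so one brute-forcer behind a shared gateway does not lock out the other users on that address, and a separate per-IP flag tells the login page when to show the captcha. The in-memory dict stands in for the database table, and the injectable clock, the `attempt`/`needs_captcha` names and the 5/15-minute values are assumptions taken from the thread.

```python
import time
from dataclasses import dataclass

MAX_ATTEMPTS = 5            # 5 wrong attempts, as in the thread
LOCKOUT_SECONDS = 15 * 60   # 15-minute window, as in the thread


@dataclass
class AttemptRecord:
    failures: int = 0       # incremental value of wrong attempts
    last_failure: float = 0.0  # timestamp of the last wrong attempt


class LoginThrottle:
    """Stand-in for the DB table; keyed on (username, ip) per the answer."""

    def __init__(self, clock=time.time):
        self._records: dict[tuple[str, str], AttemptRecord] = {}
        self._clock = clock  # injectable so the window can be tested

    def _record(self, username: str, ip: str) -> AttemptRecord:
        return self._records.setdefault((username, ip), AttemptRecord())

    def is_locked(self, username: str, ip: str) -> bool:
        rec = self._record(username, ip)
        within = self._clock() - rec.last_failure < LOCKOUT_SECONDS
        return within and rec.failures >= MAX_ATTEMPTS

    def attempt(self, username: str, ip: str, password_ok: bool) -> str:
        """Returns 'ok', 'wrong_password' or 'locked'."""
        now = self._clock()
        rec = self._record(username, ip)
        if self.is_locked(username, ip):
            rec.last_failure = now   # blocked attempt refreshes the timestamp
            return "locked"          # correct password is refused too
        if now - rec.last_failure >= LOCKOUT_SECONDS:
            rec.failures = 0         # window expired, start counting again
        if password_ok:
            rec.failures = 0
            return "ok"
        rec.failures += 1            # incremental value + 1, new timestamp
        rec.last_failure = now
        return "wrong_password"

    def needs_captcha(self, ip: str) -> bool:
        """Any recent failure from this IP: show a captcha instead of blocking."""
        now = self._clock()
        return any(r.failures > 0 and now - r.last_failure < LOCKOUT_SECONDS
                   for (_, rip), r in self._records.items() if rip == ip)
```

Refreshing the timestamp on every blocked attempt, as the answer suggests, keeps a brute-forcer locked out for as long as the attempts continue, but it also lets anyone who knows the username keep that account locked indefinitely.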