If a client has more than 4 failed login attempts with username / email and password within 15 minutes the user account will be limited according to option
This option is not applied though if Passkey logins are performed.
While Passkeys are a lot less vulnerable for brute force attacks, it might still be useful to apply a limit.
Suggested Fix
Also apply the configured limit method for Passkey logins (Preferred)
or
Modify the...
Read more
Continue reading...
loginLimit:This option is not applied though if Passkey logins are performed.
While Passkeys are a lot less vulnerable for brute force attacks, it might still be useful to apply a limit.
Suggested Fix
Also apply the configured limit method for Passkey logins (Preferred)
or
Modify the...
Read more
Continue reading...