prevent local account from password brute force attack

we need the possibility to prevent ldap imported users from a brute force attack.

Disabling ldap users through failed login attempts is no possibility for us, since we don't want our users to be disabled through a world wide available web site.

simple solution for example could be an increasing timeout per failed login attempt, e.g. 10 sec. for the first wrong attempt, 1 Min for the second ...

1 Comment
Community Manager
Community Manager

Hello Tony

thank you for your idea to improve FirstSpirit. It is important for us to learn from the experiences of our customers and partners. For this reason we appreciate feedback and any suggestion.

We have evaluated the issue once again, but have no plans for a realization in the near future. Therefore, we cannot consider your feature request at this time.

You can find more details about our feature selection process in our Features Policy.

Best regards