Implement backoff multiplier for login attempts on Webapp

Problem to solve

There is no way to configure a backoff (linear or exponential) for failed login attempts in Webapp, so login throttling cannot slow down repeated failures before the account is locked.

Intended users

  • Unknown

Further details

Use case (example values: base wait time 1 minute, backoff multiplier 5, limit 10 attempts):

  1. Failed login
  2. Wait 1 minute before re-login (base wait time)
  3. Failed login
  4. Wait 5 minutes before re-login (base wait time × backoff multiplier)
  5. ... and so on, up to 10 failed attempts (pre-configured value)
  6. Lock the account.

Proposal

In the Devise initializer (devise.rb):

Add configuration to enable/disable login backoff, with a base backoff, a backoff multiplier, and a flag indicating whether the backoff is exponential or not.

  • Backoff enabled: true|false
  • Base backoff: minutes
  • Multiplier: number
  • Exponential: true|false
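As an added example, not part of this proposal and not Devise code, the following Ruby class evaluates the four settings above against a per-account failure counter. The option names, the limit of 10 attempts, the reading of a non-exponential schedule as base × multiplier × (n − 1) (which matches the use case for the second failure) and the `LoginBackoff` class itself are assumptions made for the illustration:

```ruby
# Added example, not Devise code. Models the proposed devise.rb settings:
#   enabled (true|false), base (minutes), multiplier (number), exponential (true|false)
# plus the attempt limit from the use case (10). All names are assumed.
class LoginBackoff
  LOCKED = :locked

  attr_reader :enabled, :base, :multiplier, :exponential, :max_attempts

  def initialize(enabled: true, base: 1, multiplier: 5, exponential: true, max_attempts: 10)
    unless base.positive? && multiplier.positive? && max_attempts.positive?
      raise ArgumentError, 'base, multiplier and max_attempts must be positive'
    end
    @enabled = enabled
    @base = base
    @multiplier = multiplier
    @exponential = exponential
    @max_attempts = max_attempts
  end

  # Minutes an account must wait after its n-th consecutive failure (n >= 1),
  # LOCKED once the attempt limit is reached, or nil when backoff is disabled.
  #   exponential: base * multiplier**(n - 1)   -> 1, 5, 25, 125, ...
  #   linear:      base * multiplier * (n - 1)  -> 1, 5, 10, 15, ...  (assumed reading)
  def wait_after(failures)
    return nil unless enabled
    return 0 if failures < 1
    return LOCKED if failures >= max_attempts
    return base if failures == 1

    if exponential
      base * multiplier**(failures - 1)
    else
      base * multiplier * (failures - 1)
    end
  end

  # The full schedule, one entry per failure up to the lock.
  def schedule
    (1..max_attempts).map { |n| wait_after(n) }
  end

  # Decide whether a login attempt may proceed at `now`, given the account's
  # failure counter and the time of its last failure (what a Devise strategy
  # would read from the user record before checking the password).
  def attempt_allowed?(failures, last_failed_at, now = Time.now)
    wait = wait_after(failures)
    return true if wait.nil? || wait == 0
    return false if wait == LOCKED

    now >= last_failed_at + wait * 60
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "exponential: #{LoginBackoff.new.schedule.inspect}"
  puts "linear:      #{LoginBackoff.new(exponential: false).schedule.inspect}"
end
```

With the use case's own numbers the exponential schedule reaches 390625 minutes (about 271 days) at the ninth failure, so the account is effectively locked well before the tenth attempt; a smaller multiplier, a linear schedule, or a cap on the computed wait is worth considering. Note also that any per-account backoff lets a third party keep a victim's account unusable by submitting wrong passwords, so it should be combined with rate limiting keyed on the request source rather than replace it.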

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

Administrators are able to enable/disable and configure backoff for invalid login attempts on Webapp.

What is the type of buyer?

Links / references
