A device should be banned after (x) failed login attempts
Problem to solve
Currently, any device can try to authenticate as many times as it wants. This could allow brute force attacks.
Further details
It's necessary to establish a maximum number of failed login attempts, after which the device will be banned. This could prevent brute force attacks.
Proposal
- A feature to ban a device after a maximum number of failed login attempts. This maximum could be modified in the system settings.
- The ban could be removed after a period of time, which could also be modified in the system settings.
- Maybe it's necessary to save additional data like the current IP address of the device.
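
One way the proposed behaviour could work, as an added example that is not code from this project. The class and field names, the default values and the in-memory storage are all assumptions; in the real feature the two limits would be read from the system settings.

```python
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class DeviceState:
    failures: int = 0
    banned_until: Optional[float] = None
    last_ip: Optional[str] = None  # additional data kept for later review


class DeviceLockout:
    """Hypothetical tracker; names and defaults are assumptions."""

    def __init__(self, max_attempts=5, ban_seconds=900, clock=time.monotonic):
        self.max_attempts = max_attempts  # would come from system settings
        self.ban_seconds = ban_seconds    # would come from system settings
        self.clock = clock                # injectable so expiry can be tested
        self.devices = {}

    def is_banned(self, device_id):
        state = self.devices.get(device_id)
        if state is None or state.banned_until is None:
            return False
        if self.clock() >= state.banned_until:
            # Ban expired: lift it and start counting from zero again.
            state.banned_until = None
            state.failures = 0
            return False
        return True

    def record_attempt(self, device_id, ip, success):
        """Return True if the login is accepted, False if it is refused."""
        if self.is_banned(device_id):
            return False  # refused even if the credentials were correct
        state = self.devices.setdefault(device_id, DeviceState())
        state.last_ip = ip
        if success:
            state.failures = 0  # a good login clears the counter
            return True
        state.failures += 1
        if state.failures >= self.max_attempts:
            state.banned_until = self.clock() + self.ban_seconds
        return False
```

Attempts made while a device is banned are refused without being counted, so the ban always ends at the configured time instead of being extended by further attempts.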