Multiple Failed Logins

I have a question about multiple failed login attempts. As a web developer, I normally will lock the IP and account for a period of time.

Does Bitwarden have any notification or mitigation against multiple failed login attempts?

Hey @Russell_82 this should help.

  • hCaptcha for Failed Login Attempts: You’ll now receive an email and be required to complete hCaptcha validation if we detect 9 consecutive failed login attempts.

Example email notification

Edit: A bit more can also be found under the Threat Prevention and Response section of the Bitwarden Whitepaper

Bitwarden uses Cloudflare in order to provide a WAF at the edge, better DDoS protection, distributed availability and caching.

@cksapp , Thank you for your quick reply. I like the fact that this additional layer of security exists.

There is also some additional rate limiting implemented (besides the hCaptcha requirement). The parameters controlling this behavior can be adjusted if you use a self-hosted server.