https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25935 Bug ID: 25935 Summary: Use time-based mechanism for account lockout Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: dcook@prosentient.com.au QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org Bug 18314 added account lockout for failed logins, but it's a hard lockout which doesn't expire. While this has benefits, it does add administrative overhead. A well-crafted brute force attack could lock out all users permanently at present. A time-based mechanism could unlock the account after 15 minutes or so, and further lockouts could get increasingly large lockout durations. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.