How to recover a brute-force protected user account?

528 Views Asked by dokaspar At 19 January 2012 at 07:43

After a user has tried to login more often than the consecutive_failed_logins_limit and brute-force protection got enabled, what is the expected way to recover the account and reset the password? Does Authlogic expect manual resetting of the failed_login_count attribute in the users table by an administrator?

Original Q&A

There are 2 best solutions below

dokaspar On 06 February 2012 at 11:17 BEST ANSWER

Use failed_login_ban_for in the user session model to set the number of hours the user should be banned for (the default value is 2 hours).

Examples:

To ban for a day: failed_login_ban_for 24.hours
Permanent ban: failed_login_ban_for 0

Iain On 31 January 2018 at 14:55

You have the correct answer in your question.

Reset the failed_login_count value to 0

I have my consecutive_failed_logins_limit set to 5 and failed_login_ban_for 0.

I tried to log in with an incorrect password 6 times and then I got the account banned error message with the correct password or an incorrect one.

I manually reset the failed_login_count to 0 and then was able to log in using the correct password as normal.

I am planning to add a "unban" button to the user show view so an administrator can unban a user.

How to recover a brute-force protected user account?

There are 2 best solutions below

Related Questions in RUBY-ON-RAILS

Related Questions in AUTHLOGIC

Related Questions in USER-ACCOUNTS

Related Questions in LOGIN-CONTROL

Related Questions in BRUTE-FORCE

Trending Questions

Popular # Hahtags

Popular Questions