Brute-Force Protection

In a brute-force attack, an attacker targets a single user account and repeatedly tries different passwords, hoping to eventually guess the correct one. Our always-on Brute-Force Protection feature is designed to automatically detect and stop this activity.

How It Works

Our system monitors consecutive failed login attempts for each individual user account.
  1. Detection: After 10 consecutive failures for a single user from one IP, the system flags the activity as a potential brute-force attack.
  2. Block: The suspicious IP address is immediately blocked from making any more login attempts for that specific user account. This targeted block ensures other users, and the targeted user from other locations, are not affected.
  3. Notification: An email is automatically sent to the legitimate user, alerting them of the suspicious activity and the temporary block on their account from that IP.

User-Empowering Security

The email notification includes a secure link that allows the legitimate user to instantly unblock their account. This empowers them to take immediate control of their security without needing to create a support ticket.
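
The detection, block and unblock flow described above, as an added sketch that is not the product's own code. Assumptions: in-memory storage, a successful login resets the consecutive-failure counter, the unblock token is single-use and stored only as a hash, and the `outbox` list stands in for the email sender; block expiry is omitted because the page gives no duration.

```python
import hashlib
import hmac
import secrets

THRESHOLD = 10  # consecutive failures per (user, IP), as stated on the page


class BruteForceGuard:
    """In-memory sketch; names and storage here are assumptions."""

    def __init__(self):
        self.failures = {}   # (user, ip) -> consecutive failure count
        self.blocked = {}    # (user, ip) -> SHA-256 of the unblock token
        self.outbox = []     # stand-in for the notification email sender

    def record_attempt(self, user, ip, password_ok):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        key = (user, ip)
        if key in self.blocked:
            # Reject before the password result is considered, so a blocked
            # source learns nothing from further guesses.
            return "blocked"
        if password_ok:
            self.failures.pop(key, None)  # "consecutive": success resets
            return "ok"
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= THRESHOLD:
            self._block(key)  # the 10th failure triggers the block
            return "blocked"
        return "failed"

    def _block(self, key):
        token = secrets.token_urlsafe(32)  # unguessable secret for the link
        # Keep only a hash so a leaked block table cannot be turned into links.
        self.blocked[key] = hashlib.sha256(token.encode()).hexdigest()
        self.failures.pop(key, None)
        self.outbox.append({"to": key[0], "ip": key[1], "token": token})

    def unblock(self, token):
        """Lift the block that matches this token; each token works once."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        for key, stored in list(self.blocked.items()):
            if hmac.compare_digest(stored, digest):  # constant-time compare
                del self.blocked[key]
                return True
        return False
```

Because the block is keyed on the (user, IP) pair, the same user from another address and other users from the same address are unaffected.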

The User Experience: What Happens During an Attack

  • The Attacker: Is immediately blocked from making further attempts from their IP address.
  • The Legitimate User: Receives an email titled “Your account has been blocked”. They can review the suspicious activity and, if it was them (e.g., they forgot their password), they can click the unblock link. If it wasn’t them, they are alerted to the threat and can take action, such as changing their password.
  • Your Team: Is protected from an account takeover, and your user is empowered to manage the situation, reducing your support load.

What to Do if You’re Blocked

If you or one of your users is blocked after legitimately forgetting a password:
  1. Check your email for the “Account Blocked” notification.
  2. Click the “Unblock Account” link within the email.
  3. If you still cannot remember your password, use the “Forgot Password” link on the login page to securely reset it.