Re: brute force protection

For my long term plans I want it to be app based. To start with I want to give 3 tries and then lockout. For my use case this will work. Long term I like to add IP and move over to a captcha after 3 tries and a delay like 2^tryNumber. Brian -- You received this message because you are sub

Re: brute force protection

I agree to David, it is much better to do this at a server level instead of application level. If you want your app to take care of it, i think django-axes is the best solution, you'll just need to customize a few bits according to your needs. Even django-lockout

Re: brute force protection

This has definitely been discussed before[1], but I think it is worth discussing again. This issue has become even more pressing since the password hashing algorithm has increased its computational complexity significantly in 1.4. Because of that increased CPU utilization, a denial of service (