Educause Security Discussion mailing list archives
Brute force credentials protection
From: Mike Dronen <mike.dronen () MINNETONKASCHOOLS ORG>
Date: Mon, 4 Mar 2019 13:03:50 -0700
All - Looks like it's been a while since this topic has come up in the forum. I'm wondering how you protect against brute force password attempts, i.e. two-factor auth. In our environment we set an attribute in AD to lock the user account for a prescribed period of time after four failed attempts. This appears to work for us. Just wondering if there are other mechanisms just as good or better? Thanks.
Current thread:
- Brute force credentials protection Mike Dronen (Mar 04)
- Re: Brute force credentials protection Maud, Phil (Mar 05)
- Re: Brute force credentials protection Laverty, Patrick (Mar 05)
- Re: Brute force credentials protection Dexter Caldwell (Mar 05)
- <Possible follow-ups>
- Re: Brute force credentials protection Mike Dronen (Mar 05)
- Re: Brute force credentials protection randy (Mar 05)
- Re: Brute force credentials protection Brad Judy (Mar 05)
- Re: Brute force credentials protection Tom Horton (Mar 05)
- Re: Brute force credentials protection Greg Williams (Mar 06)
- Re: Brute force credentials protection randy (Mar 05)
- Re: Brute force credentials protection Francisco Chavez (Mar 05)
- Re: Brute force credentials protection Maud, Phil (Mar 05)