Feature Requests

Banning clients for failed login attempts (similar to the admin)

Amir Zano shared this idea 9 months ago
Under Consideration

You may notice many failed login attempts to your clients, and we would like to protect them from being hacked or something like that by banning clients for failed login attempts (similar to the admin). This feature is important and useful.

Vote for it.

Comments (8)

1

+++

1

must need this option

1

Adding a vote for this, had actually opened a support request to have this added or a hook point we could use in order to implement this ourselves.

1

As far as I'm aware this hasn't been added yet. This needs some attention.

1

Hi,

Thanks for taking the time to submit this idea and for everyone's votes.

I'd just like to take a moment to speak about the benefits of Two Factor Authentication. With two factor authentication enabled, a malicious actor cannot access a client's account - even with the genuine password. Two factor can be made mandatory for clients to log in via Setup > Staff Management > Two-Factor Authentication > Force Clients option.

If using DuoSecurity for two-factor authentication, you can even temporarily prevent further authentication attempts after a certain number of failures.

Please do continue to vote and comment on this suggestion.

1

Clients cannot be expected to enable 2-Factor Authentication, nor should it really be enforced for clients. This is not a solution to the issue. I still don't understand why something so basic hasn't been implemented yet.

1

If you're not going to add this - maybe add a PreLogin hook where developers can fail a login under certain circumstances. This would mean a developer can implement this themselves, but also bring many other possibilities at the same time.

1

Hey John,

You can't force all clients to use 2-Factor Authentication. Why? Simply, not all clients are using smartphones :)

So if we added this feature, like the admin area, it would be a very good step, and I think it's very easy to include it in a future update. This will prevent anonymous client account login attempts.
