Using Captcha for failed logins
Captcha is a tool that prevents brute force attacks on the Bamboo login screen. A brute force attack occurs when an attacker uses malicious code to make automated, repeated login attempts on a Bamboo site with the aim of gaining access to that Bamboo site.
A Bamboo system administrator can configure Bamboo to block automated login attempts. Once a certain number of failed login attempts has been reached (the default is three) Bamboo's Captcha feature will be activated. When Captcha is activated, users will need to recognize a distorted picture of a word and must type the word into a text field. This is easy for humans to do, but very difficult for computers.
To enable (or disable) Captcha for Bamboo:
- Click theicon in the Bamboo header and choose Overview.
- Click Security Settings (under 'Security') in the left navigation panel to open the 'Global Security and Permission Properties' page.
- Click Edit on this page.
- Select (or clear) the Enable Captcha check box.
- If required, specify the number of failed login attempts permitted by Bamboo before Captcha is activated. (This field is mandatory and requires a value of 1 or more.)