Brute force login protection
This page explains how to configure or disable Fisheye's brute force login protection.
Fisheye will protect against brute force login attacks by forcing users to solve a CAPTCHA form after a configurable number of consecutive invalid login attempts. By default, this functionality is enabled, and the number of invalid attempts is set to three.
Once a user logs in successfully, they will no longer be required to solve the CAPTCHA form.
Configuring brute force login protection
To configure brute force login protection:
- In the Admin area, click Authentication under 'Security Settings'.
- Scroll down to the 'Security settings' section at the bottom of the screen.
- Set the 'Use CAPTCHA for login' options. Your changes are applied immediately.
Brute force protection against remote API calls
Login requests made through the Fisheye remote API libraries are also covered by the brute force protection. Once the number of invalid attempts is exceeded (the default is three), the remote API is prevented from making further login attempts for that user, because that user must now solve a CAPTCHA form through the web interface in order to log in.
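The behaviour described on this page, modelled as an added example (not Fisheye's own code) to show why a service account that trips the limit stays blocked on the remote API until someone logs in through the browser. The event tuples, the account names and the function `replay` are hypothetical, and the model assumes the CAPTCHA applies once the consecutive-failure count reaches the configured number.

```python
from collections import defaultdict

DEFAULT_THRESHOLD = 3  # page default: three consecutive invalid attempts


def replay(events, threshold=DEFAULT_THRESHOLD):
    """Replay (user, channel, password_ok, captcha_solved) login events.

    Returns (outcomes, locked): one outcome per event, plus the users who
    still need to solve a CAPTCHA after the last event.
    Assumption: CAPTCHA applies once consecutive failures reach the threshold.
    """
    failures = defaultdict(int)  # consecutive invalid attempts per user
    outcomes = []
    for user, channel, password_ok, captcha_solved in events:
        captcha_required = failures[user] >= threshold
        if captcha_required and channel == "api":
            # The remote API cannot present a CAPTCHA, so the attempt is
            # refused even when the credential is correct.
            outcomes.append((user, channel, "blocked"))
        elif captcha_required and not captcha_solved:
            outcomes.append((user, channel, "captcha_required"))
        elif password_ok:
            failures[user] = 0  # a successful login clears the requirement
            outcomes.append((user, channel, "success"))
        else:
            failures[user] += 1
            outcomes.append((user, channel, "invalid"))
    locked = sorted(u for u, n in failures.items() if n >= threshold)
    return outcomes, locked


# Constructed sample events (not real log data).
EVENTS = [
    ("svc-build", "api", False, False),
    ("svc-build", "api", False, False),
    ("svc-build", "api", False, False),
    ("svc-build", "api", True, False),   # correct password, still blocked
    ("alice", "web", False, False),
    ("alice", "web", True, False),       # success resets alice's count
    ("alice", "web", False, False),
    ("svc-build", "web", True, True),    # CAPTCHA solved in the browser
    ("svc-build", "api", True, False),   # API login works again
]

if __name__ == "__main__":
    for outcome in replay(EVENTS)[0]:
        print(*outcome)
```

For integrations that authenticate through the remote API, the practical consequence is that a stale or mistyped stored credential disables the integration until the account owner completes a web login.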