Web - increased security. 2FA for web login + temp block after x failed attempts
  • Two things that would be great to have for web access that would make it much more secure IMO:

    1 - One-time password (1Password, etc).

    2 - Block access from IP for m minutes after x failed attempts. Notify via email when this gets triggered.

    Hope that is not too difficult to implement. What do you think?

    Thanks, James.

  • Hi James,

    Thanks for the suggestions. SecuritySpy does already implement your second suggestion. After 3 failed login attempts, SecuritySpy will start to delay its responses to the client, with increasing delays. Then, after 16 failed attempts, SecuritySpy will block the client for 5 minutes. This basically makes brute-force password guessing attempts impossible, as long as your passwords are reasonably strong. When a client is blocked, a message is written to the web log with the IP address of the client (providing you have enabled the web log under Preferences > Web in SecuritySpy).

    As for 2FA, this isn't really compatible with SecuritySpy's current login mechanism, so would require major changes. We'll consider this for the future. However, I would say that as long as you use strong passwords, and always connect to your SecuritySpy server using HTTPS, then you are very safe.
  • Thanks Ben, didn't know about the failed login block - that's fantastic.
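The lockout behaviour described in the reply above (delays after 3 failed attempts, a 5-minute block after 16, and a log line naming the blocked IP) can be sketched as follows. This is an added example, not SecuritySpy's code or part of the original thread; the `LoginThrottle` class, the doubling delay schedule and the log wording are assumptions.

```python
import time

DELAY_AFTER = 3      # failed attempts before responses are delayed (from the thread)
BLOCK_AFTER = 16     # failed attempts before the client is blocked (from the thread)
BLOCK_SECONDS = 300  # length of the block: 5 minutes (from the thread)
BASE_DELAY = 0.5     # assumption: first delay, doubled on each further failure
MAX_DELAY = 8.0      # assumption: upper bound on a single delay


class LoginThrottle:
    """Per-IP failed-login throttle; hypothetical class, not SecuritySpy code."""

    def __init__(self, clock=time.monotonic, log=print):
        self.clock = clock
        self.log = log
        self.failures = {}       # ip -> failed attempts since last success or block expiry
        self.blocked_until = {}  # ip -> clock value at which the block ends

    def check(self, ip):
        """Call before verifying credentials. Returns (state, seconds)."""
        now = self.clock()
        until = self.blocked_until.get(ip)
        if until is not None:
            if now < until:
                return ("blocked", until - now)
            # Block has expired: forget it and start counting afresh.
            del self.blocked_until[ip]
            self.failures.pop(ip, None)
        over = self.failures.get(ip, 0) - DELAY_AFTER
        if over >= 0:
            return ("delay", min(MAX_DELAY, BASE_DELAY * 2 ** over))
        return ("ok", 0.0)

    def record_failure(self, ip):
        count = self.failures.get(ip, 0) + 1
        self.failures[ip] = count
        if count >= BLOCK_AFTER and ip not in self.blocked_until:
            self.blocked_until[ip] = self.clock() + BLOCK_SECONDS
            self.log(f"blocked {ip} for {BLOCK_SECONDS}s after {count} failed logins")

    def record_success(self, ip):
        # A successful login clears the failure count for that client.
        self.failures.pop(ip, None)
```

Call `check()` before verifying credentials and apply the returned delay or rejection. Because the counter is keyed on client IP, clients behind one NAT or reverse proxy share it.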

