Rate limit multi-factor actions

Description

Rate limit multi-factor actions

Summary: Ref T4398. Prevent users from brute forcing multi-factor auth by rate limiting attempts. This slightly refines the rate limiting to allow callers to check for a rate limit without adding points, and gives users credit for successfully completing an auth workflow.

Test Plan: Tried to enter hisec with bad credentials 11 times in a row, got rate limited.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8911
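
The scheme in the summary, as an added Python sketch (not Phabricator's code and not part of the commit): a point-based limiter whose limit can be checked without adding points, and which gives credit back on a successful factor check. The names `PointLimiter` and `try_factor`, the limit of 10 points, the one-hour window and the one-point credit are assumptions chosen for illustration.

```python
import hmac
import time
from collections import defaultdict, deque


class PointLimiter:
    """Sliding-window limiter: each failed action costs points (illustrative)."""

    def __init__(self, limit=10, window=3600, clock=time.monotonic):
        self.limit = limit    # assumed: points allowed inside one window
        self.window = window  # assumed: window length in seconds
        self.clock = clock    # injectable so the window can be tested
        self._points = defaultdict(deque)  # actor -> one timestamp per point

    def score(self, actor):
        """Points still inside the window; expired points are dropped."""
        q = self._points[actor]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return len(q)

    def is_limited(self, actor):
        """Check the limit without adding points (safe to call on page load)."""
        return self.score(actor) >= self.limit

    def add_points(self, actor, n=1):
        """Charge the actor n points, all stamped with the current time."""
        self._points[actor].extend([self.clock()] * n)

    def credit(self, actor, n=1):
        """Give back up to n points; the score never goes below zero."""
        q = self._points[actor]
        for _ in range(min(n, len(q))):
            q.popleft()


def try_factor(limiter, actor, submitted, expected):
    """One multi-factor attempt: returns 'limited', 'ok' or 'bad'."""
    if limiter.is_limited(actor):
        return "limited"  # refuse before the code is even compared
    if hmac.compare_digest(submitted, expected):  # constant-time comparison
        limiter.credit(actor)  # success earns credit against past failures
        return "ok"
    limiter.add_points(actor)  # only a real failure costs points
    return "bad"
```

Because the limit is checked before the comparison, a correct code is also refused while the actor is limited, so guesses made during the lockout reveal nothing.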

Details

Provenance
epriestley Authored on
epriestley Pushed on Apr 30 2014, 9:30 PM
Reviewer
btrahan
Differential Revision
D8911: Rate limit multi-factor actions
Parents
rP535cfa3ebebe: Add `bin/auth list-factors` and `bin/auth strip` to remove multi-factor auth
Tasks
T4398: Implement two-factor authentication