Security Tip: Rate Limited Logins
[Tip#12] It's easy to guess passwords if your app doesn't rate limit attempts...
Welcome to 2022, I hope you all had a great New Years, and that 2022 treats you well! My big goal for this year is to grow Laravel Security in Depth. We currently have 500 (free+paid) subscribers in the community from the last 4 month, and I’d love to see that grow to over 2,000 this year1. 😁
This week we’re continuing our passwords theme by looking at rate limiting, where it is one of the key pieces in protecting user accounts.
Rate Limited Logins
A password is the most important thing protecting a user account. But if that password is guessable, someone could come along and figure it out, to gain access. It’s important to encourage users to use strong random passwords, but not every user will and you need to put extra protections in place to keep these users protected. One such way to that is through Rate Limiting Login Attempts.
Keep reading with a 7-day free trial
Subscribe to Laravel Security In Depth to keep reading this post and get 7 days of free access to the full post archives.