[BlueOnyx:22840] Re: email username
Michael Stauber
mstauber at blueonyx.it
Mon Apr 22 01:06:06 -05 2019
Hi all,
> Have a look at your failed logins log via the gui, you will see most use
> the email address to try and brute force, or use a compromised password.
Exactly this. The username being one of the authentication tokens
(instead of the email address) adds a small extra layer of protection to
brute force logins. For my own servers I have Fail2ban tweaked so far
these days that a single failed login attempt with the email address
(instead of the user name) will ban the offending IP.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list