How can we Administrators of ERPNext know that a user has tried more than 3/5 times to login and did not succeeded?
By checking the Authentication Log but why does not the system informs the Admin of the wrong attempts and lock the account for XXXX amount of time.
This should be a security concern.
Can you raise the Github Issue for this ?
Theres already an issue in place for this
Add a thumbs up to show interest.
This the one I’ve opened and referenced yours too.
Did not see this one implemented on the new version 8.2 ?
Has this gotten any attention?
Or at least, I would like to know if there is any logfile in the system where the attempts are logged, and we could use Fail2Ban to block after certain number of attempts