Hi,
How can we Administrators of ERPNext know that a user has tried more than 3/5 times to login and did not succeeded?
By checking the Authentication Log but why does not the system informs the Admin of the wrong attempts and lock the account for XXXX amount of time.
This should be a security concern.
Will do so.
I have done.
Theres already an issue in place for this
https://github.com/frappe/frappe/issues/1645
Add a thumbs up to show interest.
Thanks.
This the one I’ve opened and referenced yours too.
https://github.com/frappe/erpnext/issues/9005#issuecomment-304430588
Did not see this one implemented on the new version 8.2 ?
Has this gotten any attention?
Or at least, I would like to know if there is any logfile in the system where the attempts are logged, and we could use Fail2Ban to block after certain number of attempts