View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0009271Talerlibeufin-bankpublic2024-10-15 17:512024-10-15 18:29
ReporterAntoine A Assigned ToAntoine A  
PriorityurgentSeverityfeatureReproducibilityN/A
Status assignedResolutionopen 
Target Version1.0 
Summary0009271: Lockout policy
DescriptionEvery bank account should have a password authentication attempt counter that blocks the account after N failed attempts.
When an account is blocked, existing tokens still work, but password authentication no longer does.
It's also important not to perform password hashing when an account is blocked, as we also want to become more DOS-resistant.
TagsNo tags attached.

Relationships

related to 0009272 assignedAntoine A Password recovery and account unlocking 
child of 0009269 assignedAntoine A Password and lockout policy 

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2024-10-15 17:51 Antoine A New Issue
2024-10-15 17:51 Antoine A Status new => assigned
2024-10-15 17:51 Antoine A Assigned To => Antoine A
2024-10-15 17:51 Antoine A Relationship added child of 0009269
2024-10-15 18:29 Antoine A Relationship added related to 0009272