📢 Moderators Needed 🚀

Moderators are needed with resources to post or have access to resources to post. Submit an application to be considered.

RSS Failed Passkey logins do not trigger login limit

Thread starter Kirby
Start date Wednesday at 3:43 PM

Kirby

Guest

Guest or Bot

Wednesday at 3:43 PM

If a client has more than 4 failed login attempts with username / email and password within 15 minutes the user account will be limited according to option loginLimit:

This option is not applied though if Passkey logins are performed.

While Passkeys are a lot less vulnerable for brute force attacks, it might still be useful to apply a limit.

Suggested Fix
Also apply the configured limit method for Passkey logins (Preferred)
or
Modify the...

Read more

Continue reading...

RSS Adverising and affiliate links

RSS xf-dev:generate-finders fails if directory Finder does not exist yet

Show hidden low quality content

You must log in or register to reply here.

D	RSS Passkey registration failed: invalid rpId hash danger@ Nov 27, 2025 Xenforo RSS Feed
P	RSS Image optimisation fails with gd-webp encoding failed Paul B Nov 2, 2025 Xenforo RSS Feed
K	RSS Adding, editing or removing passkey does not require user re-authentication Kirby Oct 29, 2025 Xenforo RSS Feed
X	RSS Passkeys are not deleted when a user Xon Oct 29, 2025 Xenforo RSS Feed
S	RSS Login via "Passkey" created on Yubikey 5 does not work Sim Nov 28, 2025 Xenforo RSS Feed

📢 Moderators Needed 🚀

RSS Failed Passkey logins do not trigger login limit

Kirby

Guest

We value your privacy