Improper Restriction of Excessive Authentication Attempts

Phase: Architecture and Design

• Disconnecting the user after a small number of failed attempts
• Implementing a timeout
• Locking out a targeted account
• Requiring a computational task on the user's part.

Phase: Architecture and Design

Strategy: Libraries or Frameworks

Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator.