[TYPO3-core] Remove/Reduce forced delay on failed BE logins

Jigal van Hemert jigal.van.hemert at typo3.org
Fri May 10 21:00:37 CEST 2013


On 10-5-2013 17:12, Steffen Müller wrote:
> There is a delay of 5 seconds when the BE login fails.
> I'd like to get rid of that or reduce the number of seconds, because
> a) IMHO waiting 5 seconds reduces usability
> b) Test automation heavily slows down.
> I know it is meant to slow down brute force attacks, but one could still
> drive multiple attempts in parallel.

Reducing security just like that is not an option for me.

a) the waiting period for a successful login and a failed login is 
roughly the same (perception). If you enter the correct login usability 
is no problem.

b) In what way does it slow test automation down? Are you testing failed 

> What's your opinion?

Maybe you can come up with a better alternative that:
- prevents brute force attacks
- cannot be circumvented

Jigal van Hemert
TYPO3 CMS Core Team member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

More information about the TYPO3-team-core mailing list