EngagementHQ

In addition to using CSRF tokens for authenticated routes throughout the EngagementHQ platform, we prevent brute-force attacks through the following:

We protect the registration endpoint from replay attacks by applying rate-limiting of 60 requests per IP Address, <i>per processor</i>. At current settings, this means the maximum number of requests allowed per IP is 120 requests. Should we scale up our services the number of requests will increase proportionately but still serves the purpose of preventing the possibility of brute-force attacks.

We protect the login endpoint from brute-force attempts by locking user accounts after 5 failed attempts. Lockouts are for 30 minutes unless manually unlocked by the users.

- We protect the registration endpoint from replay attacks by applying rate-limiting of 60 requests per IP Address, <i>per processor</i>. At current settings, this means the maximum number of requests allowed per IP is 120 requests. Should we scale up our services the number of requests will increase proportionately but still serves the purpose of preventing the possibility of brute-force attacks.
- We protect the login endpoint from brute-force attempts by locking user accounts after 5 failed attempts. Lockouts are for 30 minutes unless manually unlocked by the users.

Replay attacks. Rate limiting. Account lockout.

How does EngagementHQ mitigate against brute force attacks?

Home

Blog

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you