Skip to main content
How does EngagementHQ mitigate against brute force attacks?

Replay attacks. Rate limiting. Account lockout.

Gayathri Rajendiran avatar
Written by Gayathri Rajendiran
Updated over a week ago

In addition to using CSRF tokens for authenticated routes throughout the EngagementHQ platform, we prevent brute-force attacks through the following:

  • We protect the registration endpoint from replay attacks by applying rate-limiting of 60 requests per IP Address, per processor. At current settings, this means the maximum number of requests allowed per IP is 120 requests. Should we scale up our services the number of requests will increase proportionately but still serves the purpose of preventing the possibility of brute-force attacks.

  • We protect the login endpoint from brute-force attempts by locking user accounts after 5 failed attempts. Lockouts are for 30 minutes unless manually unlocked by the users.

Did this answer your question?