Brute Force Blocking Mechanism
cidaas lets you configure the blocking mechanism to detect and prevent malicious app login attempts. With this feature, cidaas alerts your users of suspicious activity and blocks further login attempts after the configured number of attempts for the defined duration. You can set your preferences for the notifications sent to your users, and even block a suspicious IP address.
How is a malicious login attempt identified and triggered?
cidaas provides shields against anomalies and attacks that trigger one or more actions once the allowed number of login attempts is surpassed.
A trigger indicates that a suspicious event has been detected; it is raised after multiple failed login attempts on your enterprise application's login page or on a third-party service page.
What's a Brute Force Attack?
A brute force attack uses trial and error to guess login credentials or encryption keys, or to find a hidden web page. Attackers work through all possible combinations, hoping to guess correctly.
These attacks are called 'brute force' because they rely on a large volume of forceful attempts to 'force' their way into your private account(s).
This is an old attack method, but it remains effective and popular with attackers, because, depending on the length and complexity of the password, cracking it can take anywhere from a few seconds to many years.
Sometimes an authorized user produces multiple failed login attempts while trying to access their own account, simply because they entered an invalid password. Standard IAM systems treat this as a brute force attack, since for failed logins they cannot distinguish an authorized user from an unauthorized one.
Brute Force Protection
To protect against brute force attacks, or against multiple login attempts that merely look like one, cidaas generates a trigger that automatically enables account protection.
The trigger is generated when the configured threshold for failed login attempts is crossed on a single account from the same IP address.
Key Considerations for Handling Failed Login Attempts
- The login will be blocked for "X" minutes, where "X" is configured on the cidaas Admin dashboard. If the user enters an incorrect password more than twice, the system prompts for captcha confirmation; once "Y" login attempts have been surpassed ("Y" being the value the admin has configured), the account is blocked.
- The time after which login is re-enabled is not displayed, for security reasons. Login is automatically reactivated after "X" minutes.
- Likewise, cidaas does not display the remaining blocking time, since knowing it would make it easier for a potential attacker to time further login attempts, and we want to reduce that risk.
- To configure the duration and number of login attempts on the cidaas Admin Dashboard, follow these steps:
  - Navigate to Settings > Brute Force Prevention > Blocking Mechanism.
  - Click the + Create Blocking Mechanism button.
  - In the Blocking Mechanism Settings window, set the required duration in the Blocking duration in hours field for your app's blocking settings.

  Note: The lock mechanism works for the cidaas default interface. For custom interfaces, the response must be handled appropriately on the login page, for example with captcha verification.
- Neither the user nor an admin can cancel the lock manually with a click. The account can be explicitly unblocked only by the cidaas backend team, upon request.
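The locking rules listed above, written out as an added Python example so the behaviour can be exercised end to end. This is illustrative code, not cidaas code: the counter is keyed on (account, source IP) as the trigger description states, captcha is required once failures exceed two, the "Y"-th failure blocks the account, the block expires automatically after "X" minutes, and no remaining time is ever returned to the caller. The values X = 15 minutes and Y = 5, the status strings, the `ManualClock` helper and the sample account and IP addresses are all assumptions made for this example.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class LockoutPolicy:
    """Thresholds as the page describes them. X and Y are admin-configured in
    cidaas; the numbers used here are assumptions for this example."""
    captcha_after: int = 2    # captcha required once failures exceed this ("more than twice")
    block_after: int = 5      # "Y": failure count at which the account is blocked (assumed)
    block_minutes: int = 15   # "X": how long login stays blocked, in minutes (assumed)


@dataclass
class AttemptState:
    failures: int = 0
    blocked_until: float = 0.0   # epoch seconds; 0.0 means not blocked


class ManualClock:
    """Controllable clock so lock expiry can be exercised without sleeping."""
    def __init__(self, start: float = 1_000_000.0):
        self.now = start

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def __call__(self) -> float:
        return self.now


class BruteForceGuard:
    """Counts failed logins per (account, source IP), the page's trigger condition."""

    def __init__(self, policy: LockoutPolicy, clock=time.time):
        self.policy = policy
        self.clock = clock
        self._state: dict[tuple[str, str], AttemptState] = {}

    def status(self, account: str, ip: str) -> str:
        """Pre-login check: 'ok', 'captcha_required' or 'blocked'.
        The remaining block time is intentionally never exposed."""
        key = (account, ip)
        st = self._state.get(key)
        if st is None:
            return "ok"
        if st.blocked_until:
            if self.clock() < st.blocked_until:
                return "blocked"
            # X minutes have elapsed: login is re-enabled and the counter starts fresh
            del self._state[key]
            return "ok"
        if st.failures > self.policy.captcha_after:
            return "captcha_required"
        return "ok"

    def record(self, account: str, ip: str, success: bool) -> str:
        """Record one login outcome and return the resulting status ('ok', 'fail',
        'captcha_required' or 'blocked'). While blocked, even a correct password
        is rejected, and nothing short of the timeout clears the lock."""
        if self.status(account, ip) == "blocked":
            return "blocked"
        key = (account, ip)
        if success:
            self._state.pop(key, None)   # a successful login clears the failure counter
            return "ok"
        st = self._state.setdefault(key, AttemptState())
        st.failures += 1
        if st.failures >= self.policy.block_after:
            st.blocked_until = self.clock() + self.policy.block_minutes * 60
            return "blocked"
        if st.failures > self.policy.captcha_after:
            return "captcha_required"
        return "fail"


def demo() -> list[str]:
    """Run a constructed sequence of attempts against one account from one IP
    and return the statuses observed at each step."""
    clock = ManualClock()
    policy = LockoutPolicy()
    guard = BruteForceGuard(policy, clock)
    account, ip, other_ip = "alice@example.com", "203.0.113.7", "198.51.100.9"  # constructed
    out = [guard.record(account, ip, False) for _ in range(5)]
    out.append(guard.record(account, ip, True))   # correct password, but still blocked
    out.append(guard.status(account, other_ip))   # same account, different IP: not affected
    clock.advance(policy.block_minutes * 60 + 1)
    out.append(guard.status(account, ip))         # lock expired automatically
    return out


if __name__ == "__main__":
    print(demo())
```

The `status` call is what a custom login page (see the note above) would consult before rendering: it returns only a coarse state, so the page can show a captcha or a generic "try again later" message without leaking how long the lock has left.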
Mapping Blocking Mechanism to your Application
After configuring the blocking mechanism options above, you can map the mechanism to an app on the cidaas Admin Dashboard. Here's how:
- Click the App Settings tab in the Edit Blocking Mechanism window.
Should you have any questions or need further assistance, please contact our support team.
We'll be happy to help. Thank you!