Warn user after three failed login attempts

0
Hi. Currently, the user is blocked after 3 failed login attempts. The error message displayed to the user is the same even after the 4th or 5th etc. login attempt, even if they use proper credentials. This is confusing for the user. At the same time, in the console of the Modeler, I can see a log message saying something like: "user failed to login for the third time and therefore is blocked now for approximately 5 minutes". Wouldn't it be great if the user could see a similar message after the 3rd failed login, so that they know what is wrong? Is there a way to achieve this? Thanks.
asked
4 answers
0

It's a security best practice to give as little information as possible about why authentication fails: Mendix's implementation follows the best practice.

If you want to create your own error messages, you can customize your login page, using the authentication widgets Mendix supplies out of the box.

answered
0

Hi Rom.

Thanks for your swift reply. I'm afraid you did not quite understand my question, though.

My client requires this feature. I know what best security practices are, and I am using a customized login page, no problems with this. I just want somehow to get the number of failed login trials (which is in system.user entity) and check if it is 3 or more, to display an appropriate message to the user.

So far I did not find the proper way. I installed the Signin Microflow module, but this allows customization of the login process ONLY after the user signed in.

So, again: I'd like to count the number of failed login trials for a username and display an appropriate message to the user after this count is 3 or more and the user is blocked.

Thanks for your patience.

answered
0

Hi Dusan, try the Failedlogins attribute on system.User.

answered
0

You should be able to handle this with a custom login handler.

There is an older example here: https://bartgroot.nl/mendix/custom-checks-on-login/

Not sure if this code is still working, I haven't used this for a while.

regards, Fabian

answered
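
The two concerns in this thread can be reconciled: the sketch below, added here and not code from any poster or from Mendix, shows the lockout message the question asks for while counting failures per submitted username, known or not, so the message does not reveal whether an account exists. `LoginGate`, `make_user` and the message texts are hypothetical names, and it does not use the Mendix API; the threshold of 3 and the 5-minute block are taken from the question.

```python
import hashlib
import hmac
import time

MAX_FAILURES = 3          # threshold described in the question
LOCK_SECONDS = 5 * 60     # "approximately 5 minutes" per the quoted log message
GENERIC = "Invalid username or password."                        # hypothetical text
LOCKED = "Too many failed attempts. Try again in about 5 minutes."  # hypothetical text

def make_user(password, salt=b"constructed-salt"):
    """Build a (salt, hash) record for the constructed user store."""
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGate:
    def __init__(self, users, clock=time.monotonic):
        self.users = users    # username -> (salt, hash); constructed sample store
        self.clock = clock
        # Keyed by the *submitted* name, so unknown names lock exactly like real
        # ones. A production version also needs eviction and per-source limits.
        self.state = {}       # name -> (failures, locked_until)

    def _password_ok(self, name, password):
        # Unknown names still pay for one hash, keeping response time similar.
        salt, stored = self.users.get(name, (b"dummy-salt", b""))
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(digest, stored)

    def attempt(self, username, password):
        """Return (success, message_for_user)."""
        name = username.strip().lower()
        now = self.clock()
        failures, locked_until = self.state.get(name, (0, 0.0))
        if now < locked_until:
            return False, LOCKED          # blocked: even correct credentials fail
        if locked_until:
            failures = 0                  # the lock has expired, start over
        if self._password_ok(name, password):
            self.state.pop(name, None)
            return True, "OK"
        failures += 1
        if failures >= MAX_FAILURES:
            self.state[name] = (failures, now + LOCK_SECONDS)
            return False, LOCKED          # the third failure explains the block
        self.state[name] = (failures, 0.0)
        return False, GENERIC
```
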