Hello,
Is there anyway in which I can show a message to a user to "Try again later" after they have inputted incorrect credentials multiple times and locked themselves out of the client application and then try to login again during when they are locked out. Thankyou.
That is a security bad practice, as it "leaks" information--specifically that the username was valid. Authentication failures must deliver utterly bland rejections.
Hello,
I do not want to tell the user what part of the credentials were wrong. I just wanted to display to the user that they are in the lockout period and need to wait for x amount of time before they can try to log into the application again. Is there any way to achieve this? Thank you.
But what you are asking does do this. It indicates that the username was valid. An invalid username will never be locked out.
Unless they're asking for the entire IP to be blacklisted for that period of time. That's not how Ignition currently works, but if it did, would be an even more secure method to prevent credential/password "spraying" rather than just locking out a specific user.
I understood what you are trying to say. In case I wanted to alter the login failed message for my perspective/vision application, is there any provision to do so?