I am constantly concerned about my app`s security. I am always revising my privacy rules, visibility of some elements, blocking workflows based in users access and etc.
I would like to propose here a debate about Brute Force Attacks to know how you guys are protecting youselfs of it.
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your web site requires user authentication, you are a good target for a brute-force attack.
The most obvious way to block brute-force attacks is to simply lock out accounts after a defined number of incorrect password attempts. Account lockouts can last a specific duration, such as one hour, or the accounts could remain locked until manually unlocked by an administrator.
However, account lockout is not always the best solution, because someone could easily abuse the security measure and lock out hundreds of user accounts. In fact, some Web sites experience so many attacks that they are unable to enforce a lockout policy because they would constantly be unlocking customer accounts.
Are you guys using reCAPTCHA?
What solution do you use in Bubble to prevent these attacks?