The plugin provides an option using which the admin can restrict the number of invalid 2FA attempts.
This feature is named Brute force protection where admin can set the limit the number of invalid 2FA attempt counts & duration of the locking period.
If the count of invalid attempts is exceeded the user will be locked out for the specific duration.
Within this period users will not be able to perform login again.
Please perform below steps for enabling Brute Force Protection
- Navigate to Two Factor Settings(2FA/TFA) tab.
- Select Enable Brute Force Protection for Jira
- Set Number of Attempts & User Locked out Period
- Save settings
Brute force protection is enabled for the system.
Note:- This brute force feature can consider only invalid attempts at 2FA & not invalid attempts at login.