The plugin provides an option using which the admin can restrict the number of invalid 2FA attempts.
This feature is named Brute force protection where admin can set the limit the number of invalid 2FA attempt counts & duration of the locking period.
If the count of invalid attempts is exceeded the user will be locked out for the specific duration.
Within this period users will not be able to perform login again.
Please perform below steps for enabling Brute Force Protection
- Navigate to Advanced Settings tab of the plugin
- Select Enable Brute Force Protection for Jira
- Set Number of Attempts & User Locked out Period
- Save settings
Now, Brute force protection is enabled for the system.
Note:- This brute force feature can consider only invalid attempts of 2FA & not invalid attempts of Jira login.