← Back to context Comment by theappsecguy 1 day ago Yes you still need recaptcha simply to avoid password stuffing attacks. 2 comments theappsecguy Reply damsalor 1 day ago Certainly not in the mentioned 2fa scenario.I would guess that simple rate limiting would do the trick for the rest Zak 1 day ago Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.
damsalor 1 day ago Certainly not in the mentioned 2fa scenario.I would guess that simple rate limiting would do the trick for the rest Zak 1 day ago Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.
Zak 1 day ago Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.
Certainly not in the mentioned 2fa scenario.
I would guess that simple rate limiting would do the trick for the rest
Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.