← Back to context Comment by theappsecguy 1 year ago Yes you still need recaptcha simply to avoid password stuffing attacks. 2 comments theappsecguy Reply damsalor 1 year ago Certainly not in the mentioned 2fa scenario.I would guess that simple rate limiting would do the trick for the rest Zak 1 year ago Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.
damsalor 1 year ago Certainly not in the mentioned 2fa scenario.I would guess that simple rate limiting would do the trick for the rest Zak 1 year ago Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.
Zak 1 year ago Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.
Certainly not in the mentioned 2fa scenario.
I would guess that simple rate limiting would do the trick for the rest
Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.