← Back to context Comment by theappsecguy 2 months ago Yes you still need recaptcha simply to avoid password stuffing attacks. 2 comments theappsecguy Reply damsalor 2 months ago Certainly not in the mentioned 2fa scenario.I would guess that simple rate limiting would do the trick for the rest Zak 2 months ago Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.
damsalor 2 months ago Certainly not in the mentioned 2fa scenario.I would guess that simple rate limiting would do the trick for the rest Zak 2 months ago Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.
Zak 2 months ago Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.
Certainly not in the mentioned 2fa scenario.
I would guess that simple rate limiting would do the trick for the rest
Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.