It seems reasonable to use a Symfony package for that. What do you think about https://github.com/mariusbalcytis/gentle-force-bundle?
Privacy implications should also be considered. We cannot do both things at the same time:
- Only log unsuccessful attempts
- Prevent a botnet from trying an account x times at the same moment, exceeding the max number of failed attempts.
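
The trade-off in the comment above, as an added example (not code from the thread or from gentle-force-bundle): a constructed in-memory model in which every request in a burst passes the limit check before any password check finishes. The class names, the limit of 5 and the sample accounts are assumptions.

```python
"""Constructed model of a login throttle hit by a simultaneous burst."""
from dataclasses import dataclass, field

MAX_FAILED = 5  # assumed limit, not taken from the thread


@dataclass
class FailureOnlyThrottle:
    """Writes to the store only after a password check has failed."""
    failures: dict = field(default_factory=dict)

    def admit(self, account):
        # Read-only check: concurrent requests all see the same old count.
        return self.failures.get(account, 0) < MAX_FAILED

    def settle(self, account, success):
        if not success:
            self.failures[account] = self.failures.get(account, 0) + 1


@dataclass
class ReservingThrottle:
    """Counts every attempt up front, then releases the successful ones."""
    pending: dict = field(default_factory=dict)
    attempts_seen: int = 0  # attempts written to the store, whatever the outcome

    def admit(self, account):
        # Check and increment as one step (an atomic counter in a real store).
        if self.pending.get(account, 0) >= MAX_FAILED:
            return False
        self.pending[account] = self.pending.get(account, 0) + 1
        self.attempts_seen += 1
        return True

    def settle(self, account, success):
        if success:
            self.pending[account] -= 1  # the attempt was still recorded for a while


def simultaneous_burst(throttle, account, guesses, real_password):
    """All requests pass admission before any password check completes."""
    admitted = [g for g in guesses if throttle.admit(account)]
    for guess in admitted:
        throttle.settle(account, guess == real_password)
    return len(admitted)  # number of password checks actually performed
```

With 50 simultaneous wrong guesses the failure-only throttle performs all 50 password checks, while the reserving throttle stops at 5 but has to write successful logins to its store as well.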