Ad

Is There A Penalty For Too Many Failed Firebase Auth Login Attempts?

- 1 answer

Is there a penalty by Firebase for too many failed email/password Auth login attempts? I have a mechanism in place to disable logins if the end user makes too many failed attempts at logging in but if they reinstall the app then the counter resets (since there is no way to identify physical devices in iOS, only app instances). Also, if users can merely reinstall apps to circumvent these forced timeouts (for too many failed login attempts) then what are we, as developers, really able to do about these brute force attacks?

Ad

Answer

firebaser here

Firebase has built-in protection against abuse scenarios on many layers, though most of these are not documented. Since you're already taking basic measures against abuse, I'd recommend leaving the rest to Firebase.

Ad
source: stackoverflow.com
Ad