Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+5 votes
4.0k views
in Q2A Core by
using a simple automated script someone can try to hack account by entering various password attempt so do you think its good idea to enable reCAPTCHA after 3 login attempt?

I feel reCAPTCHA should be by default enabled on forgot password page. for testing I tried forgot password 10 time and received 10 emails. so if someone want to really bother user he may just use this option.

just a security concerns.

1 Answer

+2 votes
by
 
Best answer
I will add reCAPTCHA to the forgot password page in the 1.0 release. As for preventing brute force attacks to discover someone's password, I will do something about this if there's enough demand.
by
Thanks! brute force is common on popular sites to hack accounts. you can implement this security feature depending on your priority and demand.

btw, you can also lock user account for 15 or 30 min after 5 login attempts.
...