Locking out users after unsuccessful logins
Is there any way in JATOS to lock users out after too many failed login attempts? Or a similar mechanism to discourage/prevent password-cracking attempts?
E.g., if I know a user's ID and write a Python script to try to guess their password by sending requests to the login page with different passwords (e.g. every word in the dictionary), could I succeed?
A number of other systems I've used support some kind of user lockout after, say, five incorrect attempts, unlocking them automatically after a delay that's short enough to be tolerable for a frustrated real user, but long enough to make a dictionary attack impractical.
Obviously this would protect participant data, but if JATOS is integrated with a University user authentication system, then without such protection, JATOS would become a vector for cracking more widely used (and higher stakes) user IDs.
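The lockout policy described in the post above (five failed attempts, then automatic unlock after a delay), as an added example that is not part of the original post and is not JATOS code. The class name `LoginThrottle`, the 300-second failure window, the 60-second lock and the injectable clock are all assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Temporary per-account lockout after repeated failed logins (hypothetical helper)."""

    def __init__(self, max_failures=5, window=300.0, lock_seconds=60.0,
                 clock=time.monotonic):
        self.max_failures = max_failures     # failures tolerated inside the window
        self.window = window                 # seconds a failure stays counted (assumed)
        self.lock_seconds = lock_seconds     # lock duration (assumed)
        self.clock = clock                   # injectable so tests can control time
        self._failures = defaultdict(deque)  # user id -> recent failure timestamps
        self._locked_until = {}              # user id -> time the lock ends

    def seconds_locked(self, user):
        """Remaining lock time for the user, 0.0 if the account is not locked."""
        remaining = self._locked_until.get(user, 0.0) - self.clock()
        if remaining <= 0:
            self._locked_until.pop(user, None)  # lock expired: unlock automatically
            return 0.0
        return remaining

    def attempt(self, user, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt.

        password_ok is a callable performing the real credential check. It is
        not called while the account is locked, so requests made during the
        lock reveal nothing about whether the submitted password was right.
        """
        if self.seconds_locked(user) > 0:
            return "locked"
        if password_ok():
            self._failures.pop(user, None)      # success resets the counter
            return "ok"
        now = self.clock()
        recent = self._failures[user]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                    # forget failures outside the window
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lock_seconds
            recent.clear()
        return "failed"
```

With these assumed values a single account accepts at most five guesses per 60 seconds. Keeping the lock short, as the post suggests, also limits how long a real user is kept out when someone else's failed attempts trigger it.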