I'm trying to block login for x minutes after y failed attempts. I'm already planning to log user logins, so I guess I could use the same database to calculate if blocking needs to happen.
My questions:
- does it make sense to use the same logs table to run the logic of the y failed attempts blocking?
- Some people have a table just for the failed attempts, and I heard they just increment the # of failed logins. This doesn't make sense since all they store is the number of failed attempts, not within what time period. 3 failed attempts in 10 minutes is not the same as 3 failed attempts in 3 days. Does the time span matter? Do you block after x failed attempts, period, or x failed attempts within a y time interval. And what's the best time frame for this?
- can someone clarify the best practice approach to this?