How to avoid user keep trying login using Ruby on Rails?
- by Tattat
I want to create a login page, it can easy implement using Ruby on Rails. But the login is very simple, but I want more security.
I want to stop the user keep trying the password. So, I have some ideas on that.
First, stop login feature if the user keep trying the password for 15 mins.
After the user login fail 5 times in 15 mins, the system should not allow the user login again in next 15 mins, ever his/her password is correct.
Second, I want to add a human verification, after the user tried 5 times. After the user wait for 15 mins to login, I want to add an addition verification to the user. I want the user click the password, and the CAPTCHA image. If one of them is failed, they still can't login the system. He/She have 5 times to try, if he / she failed again, he/she need to want another 15 mins.
Third, After the user tried 15 times, and still can't get into the system. I want to lock the user account, the user will receive an email, with a link to assign the password again.
So, the question is "Is there any library to implement such authorization easily?" I know it can be implemented using code, but using library is much convenient. Also, I want to ask is there any security suggestion for that? thank u.