I would like to propose a new feature to prevent brute force attacks and be compliant with PCI (Payment Card Industry) regulations. Lock password vault after (configurable) number of failed authentication attempts, and remain locked for (configurable) minutes before allowing authentication attempts again. The PCI regulation requires accounts to be locked after 6 failed authentication attempts and must remain locked for at least 30 minutes. These options should be enabled and configured by the password vault owner. This will make it significantly more difficult to brute force open someone's password vault. Thanks for listening.
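An added sketch of the lockout behaviour requested above; it is not code from the post or from the project. The names `LockoutPolicy` and `VaultLockout` and the caller-supplied `verify` function are hypothetical, the defaults are the PCI figures quoted in the post, and state is kept in memory only (an assumption; a real vault would need to persist it so a restart does not clear the lock).

```python
import time
from dataclasses import dataclass


@dataclass
class LockoutPolicy:
    """Owner-configurable settings; defaults are the figures quoted in the post."""
    max_failures: int = 6    # failed attempts before the vault locks
    lock_minutes: int = 30   # how long the vault then stays locked


class VaultLockout:
    """Hypothetical in-memory lockout tracker for one vault."""

    def __init__(self, policy, verify, clock=time.monotonic):
        self.policy = policy
        self.verify = verify        # callable(password) -> bool, supplied by the caller
        self.clock = clock          # injectable so the lock window can be tested
        self.failures = 0
        self.locked_until = None

    def seconds_remaining(self):
        """Seconds left on the current lock, 0.0 if the vault is not locked."""
        if self.locked_until is None:
            return 0.0
        return max(0.0, self.locked_until - self.clock())

    def attempt(self, password):
        """Return 'ok', 'denied' or 'locked' for one authentication attempt."""
        if self.seconds_remaining() > 0:
            # While locked the password is never checked, so even the
            # correct one is refused and guesses learn nothing.
            return "locked"
        if self.locked_until is not None:
            # The lock has expired: start a fresh failure window.
            self.locked_until = None
            self.failures = 0
        if self.verify(password):
            self.failures = 0       # a success clears earlier failures
            return "ok"
        self.failures += 1
        if self.failures >= self.policy.max_failures:
            self.locked_until = self.clock() + self.policy.lock_minutes * 60
            return "locked"
        return "denied"
```
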