Jump to content

abj

Members
  • Posts

    11
  • Joined

  • Last visited

Everything posted by abj

  1. Our Passwordstate instance is not exposed to the Internet and we use 2FA authentication as well, so brute force is not a concern for us. The IP address of end user workstations is being reported. Thanks for the pointer to the threshold, I have set it high enough that this should not be an issue for us anymore.
  2. I'm not sure what makes this security feature so special that it can't be disabled, but all the other security features can be configured. Is this how you will be doing product development in the future, where you just add security features as you see fit and not provide any options to configure them? 100% of the IPs blocked so far by this feature have been false positives. At least provide a threshold so that users are not getting blocked so quickly / add an auto-unblock option. We do not have any network devices in front of Password State, all the IPs blocked were individual workstation IPs.
  3. Is there a way to disable this feature? We're getting too many accounts locked out. We don't allow public access to Password State and I guess users are typing their password wrong enough to cause lockouts.
  4. Just a note, if you are running the PasswordState service under a different account, you have to explicitly give it permissions to read the encryption keys, if you encrypt the database connection string, by using this command: aspnet_regiis -pa "NetFrameworkConfigurationKey" "Domain\Username of service account"
×
×
  • Create New...