We've had a request for the following for the Self Destruct Message web site:
Add auditing for failed PassPhrase login attempts
Track failed Passphrase login attempts by IP, and lock the user out when they reach the Brute Force login threshhold. The Admin would then need to unblock this IP Address, just like in the main UI.
These changes would provide an additional layer of security, on top of:
Brute Force Lockouts via Session tracking
Guessing the URL of the Self Destruct Message web site
Guessing the randomly generated 32 character Self Destruct ID, needed to view the message
Regards
Click Studios
