Wrong password limit
I suggest to add incorrect password limits.
a) For IP - eg. 5 incorrect passwords in 20 minuts from one IP will block logging in to ANY account from that IP for eg. 30 minutes.
b) For account (configurable in account settings) - X incorrect passwords in Y minutes/hours will block logging in from ANY IP not added to whitelist (in account settings) for Z minutes/hours and send notification to recovery email.
c) After successful login show warning if there were any login attemps (invalid password).
-
Anonymous commented
password limits are a problem for me. protonmail insists my password is wrong quite often. i just got locked out of trying again... its bullshit because i know my password and have 2FA. and i cant use a recovery email as i only have this one email address.
-
Jon commented
Please add this. I am a victim of corporate espionage and every kind of additional security feature such as this and additional two-factor authentication would just make the service better and add more peace of mind, especially when we are leaving emails on a remote location.