Brute Force Attack Prevention

Verify that the system prevents brute force attacks by limiting login attempts.

Preconditions:

A stable internet connection is available.
The user has access to a supported web browser.

Test Steps:

Open a web browser.
Navigate to the application's login page.
Attempt to log in repeatedly with different combinations of usernames and passwords.
Observe the behavior of the application.

Expected Result:

The system detects multiple failed attempts and implements a lockout mechanism (e.g., CAPTCHA or temporary account lockout).
No unauthorized access is granted.

Postconditions:

User can retry login only after the temporary lock or the CAPTCHA is passed.
The system remains protected against brute-force attacks.

Test Priority:

High

Status:

Pass/Fail (to be determined after execution)

Edit this page on GitHub

AuthenticationAccess to Protected Resources Without Authentication

AuthenticationCheck that CAPTCHA Appears After Multiple Failed Login Attempts