In order to avoid brute force attacks on closed Jira installations where public sign-up is not possible, it should be possible to put a 'CAPTCHA' on the user login page, so all user logins require human interaction.
As things are now, it is only possible to enable 'CAPTCHA' on the user creation page.
It should be possible to enable/disable this feature through the administration modules.
- is incorporated by
-
JRASERVER-12380 Implement user lockout mechanism to stop bruteforce login attacks
- Closed
