eluck / meteor-accounts-lockout

Seamless Meteor apps accounts protection from password brute-force attacks. Users won't notice it. Hackers shall not pass.

Locks user accounts for duration seconds after them having entered wrong passwords attempts times in a row. duration = 15 and attempts = 5 by default and can be overriden in settings file:

"accounts-lockout" : {
  "duration": 5,
  "attempts": 10
}

The package is designed to live in multiple servers environment and survive servers restarts.

meteor add eluck:accounts-lockout

http://youtu.be/X-_Yd-rh1KY?hd=1

https://github.com/eluck/meteor-accounts-lockout