Login Security

From the drupal security mailing list (http://groups.drupal.org/node/293943#comment-914498):
"If you have good passwords on the accounts you value, you might actually better off  with the brute-force than with login_security and the multi-factor authentication modules. 

It is in general wise to limit the reflex to solve a perceived problem by adding yet another module and first investigate trade-offs. 

When following the advice, you may be trading potential vulnerabilities for others. Bugs in multi-factor authentication modules can have devastating consequences.
login_security itself also has a number of problems. To quote dstol on IRC: "give me a site with login_security enabled and i can dos it offline with next to no effort".

In summary: I'd hesitate to install any of these modules without doing a very thorough review."

Prevents brute force password attacks
Options:
limit the number of invalid login attempts before blocking accounts
deny access by IP address, temporarily or permanently.

Internal References

External References

Article Type

Drupal Module: Specialty