Skip to content
Visit Kinde’s marketing website Kinde Docs
  • Build on Kinde
  • Set up options

Configure attack protection

Attack protection is always on, and Kinde ships with sensible defaults to keep your product protected without you lifting a finger. There are some things you can configure.

Set brute force protection

Link to this section
  1. In Kinde, go to Settings > Attack protection.
  2. Select Brute force protection.
  3. Set how many sign-in attempts users get before being locked out of their account. You can choose the Kinde default of 5 or set a custom amount.
  4. Set how long the account lockout lasts before users can sign in again. You can accept the Kinde default of 5 minutes or set a custom time, up to 60 minutes.
  5. Select Save.

What counts as a failed sign-in attempt

Link to this section
  • incorrect password entered
  • incorrect OTP code entered
  • incorrect recovery code entered
  • incorrect MFA response entered

For general information about Kinde security, practices, and policies, see the Trust Center.

Related articles

Useful links

  • Join the community

    Get support from the Kinde team and expert users in the Kinde community

    Join via Slack or Discord

  • Contact support

    Chat to support through the Kinde help widget, or send a question via email

    Send an email