本机 iOS 应用程序 - 如果用户连续 5 次登录尝试失败，Firebase SDK 是否能够将用户锁定在他们的帐户之外？

Question

I'm creating the log-in page for a mobile app, will Firebase Auth allow me to cap log-in attempts at 5 before temporarily disabling the account?

I've been investigating the Firebase SDK to see if I can lock users out of their account if they have attempted 5 consecutive incorrect password entries.

I'm reviewing the errors available in the Firebase documentation and I see there are the following error codes:

FIRAuthErrorCodeWrongPassword, 
FIRAuthErrorCodeTooManyRequests,
FIRAuthErrorCodeUserDisabled

https://firebase.google.com/docs/auth/ios/errors

Answer 1

Yes, to implement "account lockout" in your app, you can do the following:

1. Set the maximum number of allowed failed sign-in attempts. This can be done in the Firebase Console by going to the "Authentication" section and clicking on the "Sign-in method" tab. In the "Email/Password" section, you can set the "Maximum failed sign-in attempts" to the desired number (eg 5).

2. Handle the FIRAuthErrorCodeTooManyRequests error in your app's sign-in code. This error is returned by the Firebase Auth API when the maximum number of allowed failed sign-in attempts has been reached. When this error is returned, you can display a message to the user telling them that their account has been temporarily disabled and instructing them to contact customer support to reset their password.

3. Optionally, implement a mechanism to automatically reset the failed sign-in attempts counter after a certain amount of time. This can be done using the updateUser method of the Firebase Auth API and setting the reauthenticateBeforeUpdate parameter to true. This will require the user to re-enter their password before the failed sign-in attempts counter is reset, which can help prevent unauthorized access to the user's account.