Bypass too many password requests


#1

I was able to bypass the authentication timeout with too many failed login attempts, by logging in with github after I had forgot my password.

Not sure if this was intended functionality.


#2

it is the intended behavior, the reason to not allow many login attempts is to prevent attackers from finding password by trying many combinations, logging in with github doesn’t help them