Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

<@U04UQ68083H> does Ory Kratos support a way to configure the limit for the attempts to login and to reset a password?

Ory Kratos provides protection against brute-force attacks by rate limiting requests to API public endpoints, such as login and registration endpoints. However, the specific configuration for setting the limit for login attempts or password reset attempts is not explicitly mentioned in the provided extracts.   When self-hosting the Ory Kratos Identity Server, it's the responsibility of the administrator to implement and manage rate limiting or other measures to ensure the security of the network.   For more detailed information, you may want to refer to the [Ory Kratos documentation](<https://www.ory.sh/docs/kratos/concepts/security>).

Ok, but that protection with rate limiting for the APIs it's not available per account, it's global for the system, correct?