Enabling brute force protection

A brute force attack is a method used by cybercriminals to guess your password by trial and error and gain access to your account. Protect your organization against such attacks by following these steps in Keycloak:

  1. Log in to the Keycloak administrative console.

  2. Select Realm Settings from the left-hand navigation menu.

  3. Select the Security Defenses tab.

  4. Select the Brute Force Detection tab.

  5. Toggle Enabled to ON.

  6. Set the parameters for your organization’s brute force defenses. Hover your mouse over the question mark icon to see what each parameter manages.

  7. Click Save.

To disable these settings at any time, return to the Brute Force Detection tab and toggle Enabled to OFF.
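
To confirm that the setting took effect and to review the parameters chosen in step 6, the following added example (not part of the original page and not Keycloak's own code) audits a realm's JSON representation, such as a realm export. The field names are those of Keycloak's realm representation; the sample realm and the two review thresholds are constructed assumptions.

```python
import json

# Constructed sample: a trimmed Keycloak realm representation, as found in a
# realm export. Values are illustrative, not taken from the page.
SAMPLE_REALM = json.loads("""
{
  "realm": "example-realm",
  "bruteForceProtected": true,
  "permanentLockout": false,
  "failureFactor": 30,
  "waitIncrementSeconds": 60,
  "maxFailureWaitSeconds": 900
}
""")

# Assumed review thresholds; replace them with your organization's policy.
MAX_FAILURE_FACTOR = 10          # highest acceptable "Max Login Failures"
MIN_WAIT_INCREMENT_SECONDS = 30  # lowest acceptable "Wait Increment"


def audit_brute_force(realm: dict) -> list[str]:
    """Return findings for a realm's brute force detection settings."""
    name = realm.get("realm", "<unnamed>")
    # A missing key is treated as disabled so partial exports fail closed.
    if not realm.get("bruteForceProtected", False):
        return [f"{name}: brute force detection is disabled"]
    findings = []
    failures = realm.get("failureFactor")
    if not isinstance(failures, int) or failures > MAX_FAILURE_FACTOR:
        findings.append(f"{name}: failureFactor={failures!r} exceeds {MAX_FAILURE_FACTOR}")
    if not realm.get("permanentLockout", False):
        # Temporary lockout: the wait settings decide how long an account stays locked.
        wait = realm.get("waitIncrementSeconds", 0)
        cap = realm.get("maxFailureWaitSeconds", 0)
        if wait < MIN_WAIT_INCREMENT_SECONDS:
            findings.append(f"{name}: waitIncrementSeconds={wait} is below {MIN_WAIT_INCREMENT_SECONDS}")
        if cap < wait:
            findings.append(f"{name}: maxFailureWaitSeconds={cap} is below waitIncrementSeconds={wait}")
    return findings


if __name__ == "__main__":
    for line in audit_brute_force(SAMPLE_REALM) or ["no findings"]:
        print(line)
```

Running the check against each realm after a configuration change catches a realm where Enabled was toggled back to OFF.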