Enabling brute force protection#
Keycloak provides a number of mechanisms to help secure your Workbench from identity-based attacks. A brute force attack is a method in which an attacker guesses your password by repeated guessing. To protect your installation against such attacks, follow these steps:
- Select Realm Settings from the left-hand navigation menu. 
- Select the Security Defenses tab. 
- Select the Brute Force Detection tab. 
- Toggle Enabled to - ON.
- Set the parameters for your organization’s brute force defenses. Hover your mouse over the question mark to see what each parameter manages. 
- Click Save.   
To disable these settings at any time, return to the Brute Force Detection tab and toggle Enabled to OFF.
Other security mitigations#
For more information about brute force protection and using Keycloak to mitigate other security threats, please see Keycloak’s official documentation.
