Practicle Security

Session and Authentication Security

CSRF protection with automatic token renewal
2-Factor Authentication (Google Authenticator)
Session lockout and timeout after inactivity
Account status check and deactivation handling

Rate Limiting and Burst Protection

Session-based lockout
IP-based block
Credential stuffing protection
File-based burst protection for ultra-fast denial (JSON)
Configurable burst thresholds via settings
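As an added illustration, not code from the Practicle project, the following Python sketches the file-based burst protection listed above: per-session and per-IP failure counters kept in a JSON file, thresholds read from a settings dict, and a cheap deny check that runs before any database query. The settings values, file path and class/function names are assumptions.

```python
import json
import os
import time

# Constructed thresholds standing in for the project's settings (assumption).
SETTINGS = {
    "window_seconds": 10,   # burst window in which failures are counted
    "session_max": 5,       # failed attempts per session inside the window
    "ip_max": 20,           # failed attempts per IP inside the window
    "block_seconds": 60,    # how long a key stays denied once it bursts
}


class BurstGuard:
    """Per-key burst counters in a JSON file. A key is a session id or an IP;
    a key that exceeds its threshold inside the window is denied until block_until."""

    def __init__(self, path, settings=SETTINGS, clock=time.time):
        self.path, self.s, self.clock = path, settings, clock

    def _load(self):
        if not os.path.exists(self.path):
            return {}
        with open(self.path, encoding="utf-8") as fh:
            return json.load(fh)

    def _save(self, state):
        tmp = self.path + ".tmp"  # write-then-rename keeps the file consistent
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(state, fh)
        os.replace(tmp, self.path)

    def allowed(self, session_id, ip):
        """Pre-check run before any DB lookup; returns (ok, retry_after_seconds)."""
        now, state = self.clock(), self._load()
        for key in (f"sess:{session_id}", f"ip:{ip}"):
            until = state.get(key, {}).get("block_until", 0)
            if until > now:
                return False, int(until - now)
        return True, 0

    def record_failure(self, session_id, ip):
        """Count a failed login; block any key that bursts past its threshold."""
        now, state = self.clock(), self._load()
        for key, limit in ((f"sess:{session_id}", self.s["session_max"]),
                           (f"ip:{ip}", self.s["ip_max"])):
            entry = state.setdefault(key, {"attempts": [], "block_until": 0})
            entry["attempts"] = [t for t in entry["attempts"]
                                 if now - t < self.s["window_seconds"]] + [now]
            if len(entry["attempts"]) >= limit:
                entry["block_until"] = now + self.s["block_seconds"]
        self._save(state)
```

A blocked caller is answered from the JSON file alone, so the database is never queried for it; the retry_after value feeds the lockout timer shown to the user.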

User Access and Platform Security

All passwords hashed and salted before comparison
LDAP integration with fallback to local credentials
Dynamic session variables for user roles, teams, and permissions
Server hardened with CSP, HSTS, X-Content-Type-Options and frame protection

Overall Evaluation

The Practicle login system is secure, modular, and production-ready. It is resilient against brute-force attacks, credential stuffing, session spoofing and simple DDoS attempts thanks to layered protection and efficient filtering before database queries. The solution balances security with user experience through clear error messages, lockout timers, and flexible thresholds across endpoints.