Bamboo 4.2 : Using Captcha for failed logins

Captcha is a tool that prevents brute force attacks on the Bamboo login screen. A brute force attack occurs when an attacker uses malicious code to make automated, repeated login attempts on a Bamboo site with the aim of gaining access to that Bamboo site.

A Bamboo system administrator can configure Bamboo to block automated login attempts. Once a certain number of failed login attempts has been reached (the default is three) Bamboo's Captcha feature will be activated. When Captcha is activated, users will need to recognise a distorted picture of a word and must type the word into a text field. This is easy for humans to do, but very difficult for computers.

(warning) The information on this page does not apply to Bamboo OnDemand.

To enable (or disable) Captcha for Bamboo:

  1. Click Administration in the top menu bar.
  2. Click Security Settings (under 'Security') in the left navigation panel to open the 'Global Security and Permission Properties' page.
  3. Click Edit on this page.
  4. Select (or clear) the Enable Captcha check box.
  5. If required, specify the number of failed login attempts permitted by Bamboo before Captcha is activated. (This field is mandatory and requires a value of 1 or more.)
  6. Click Save.

Screenshot: The Bamboo login screen with Captcha activated

Attachments: