Enabling brute force protection¶

A brute force attack is a method used by cybercriminals to guess your password by trial and error and gain access to your account. Protect your organization against such attacks by following these steps in Keycloak:

  1. Log in to Keycloak as an administrator.

  2. Go to Realm Settings from the left-hand navigation menu.

  3. Select the Security Defenses tab.

  4. Select the Brute Force Detection tab.

  5. Set the Enabled toggle to ON.

  6. Set the parameters for your organization’s brute force defenses. Hover your mouse over the question mark question_mark icon to see what each parameter manages.

  7. Click Save.


To disable these settings at any time, return to the Brute Force Detection tab and set the Enabled toggle to OFF.