Autoblock Login Attempts

Hi,
Is there anything stopping an unlimited amount of attempts against the root token?
Just noticed I can keep trying on the web interface without any lockout option I can see.
Cheers.

I’m not aware of anything other than potentially using rate limits. However, applying a rate limit to the login or token lookup paths might have unintended consequences.