Preventing Brute Force Using Node and Express JS

陌清茗 2021-02-05 18:42

I'm building a website using Node and Express JS and would like to throttle invalid login attempts. Both to prevent online cracking and to reduce unnecessary database calls. Wh

6 Answers
  •  孤街浪徒
    2021-02-05 18:50

    I myself wondered how to tackle this, but I tried the following and I am not sure how good it is in terms of performance and good code.

    Basically, I created a flag in my Schema called "login attempts" and set it to 0.
    Then in the login process, I do the following: compare the password, if it's okay then I log in. Else, I increment the login attempt flag in my DB each time the user enters the wrong password. If the login attempts exceed 3, I display an error message saying that you exceeded login attempts.

    Now up to this point everything works; the next part is pretty much a way of switching that flag to zero.

    Now I used the setTimeout function to run after 5 mins and switch that flag to 0, and it worked.

    My main concern: is it safe to use setTimeout like this?

    The other concern is how this is going to affect performance.

    So in terms of getting the job done, it's working but in terms of performance and best method, I am not sure about that.
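
The counter-and-reset scheme from the answer above, as an added example that is not part of the original post: the 5-minute reset is kept as a `lockUntil` timestamp on the user record and checked on each request, so it does not depend on an in-process timer still being alive. The Map store, the field names, `verifyPassword` and the sample user are assumptions made for illustration.

```javascript
// Added example, not code from the original post. The Map stands in for the
// user collection; field names, verifyPassword and the sample user are assumptions.
const MAX_ATTEMPTS = 3;          // threshold named in the answer
const LOCK_MS = 5 * 60 * 1000;   // 5-minute reset named in the answer

function attemptLogin(store, verifyPassword, username, password, now = Date.now()) {
  const user = store.get(username);
  if (!user) return { ok: false, reason: 'invalid' };  // same reply as a wrong password

  if (user.lockUntil > now) {
    // Still locked: refuse before doing any password comparison.
    return { ok: false, reason: 'locked', retryAfterMs: user.lockUntil - now };
  }
  if (user.lockUntil !== 0) {
    // Lock has expired: reset on this request instead of from a timer callback.
    user.loginAttempts = 0;
    user.lockUntil = 0;
  }

  if (verifyPassword(user, password)) {
    user.loginAttempts = 0;
    return { ok: true };
  }

  // With a real database, make this increment a single atomic update.
  user.loginAttempts += 1;
  if (user.loginAttempts > MAX_ATTEMPTS) {
    user.lockUntil = now + LOCK_MS;  // stored with the record, survives restarts
    return { ok: false, reason: 'locked', retryAfterMs: LOCK_MS };
  }
  return { ok: false, reason: 'invalid' };
}

// Constructed sample data and a stand-in verifier (a real one compares a password hash).
function demo() {
  const store = new Map([['alice', { secret: 'correct horse', loginAttempts: 0, lockUntil: 0 }]]);
  const verify = (user, pw) => user.secret === pw;
  const t0 = 1000000;
  const results = [];
  for (let i = 0; i < 4; i++) results.push(attemptLogin(store, verify, 'alice', 'wrong', t0 + i));
  // The correct password during the lock window is still refused.
  results.push(attemptLogin(store, verify, 'alice', 'correct horse', t0 + 1000));
  // Once the lock has expired the counter resets and the login succeeds.
  results.push(attemptLogin(store, verify, 'alice', 'correct horse', t0 + 3 + LOCK_MS));
  return results.map(r => r.reason || 'ok');
}
```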
