Authentication attempt vs. Athentication Failure


Im trying to figure out why theres a difference between the two. If i log in into my website with wrong credientials its says Authentication attempt while sometimes in the log i see an Authentication failure.

That’s a good question - I can add that to the docs.

“<something> attempt” messages are for when something was stopped or blocked. For example:

  • if the username doesn’t exist it’s an attempt, whereas if the username exists and the password is wrong then it’s a failure,
  • if a user enumeration attempt is blocked

Loosely, if the thing they tried to do was prevented before it got as far as failing.

Good. so best practice would be to add a regex to ban both… Thanks