Keycloak has a brute force protection option whereby one can protect against consecutive wrong passwords guesses. But this does not cover the reverse which is when one tries to guess a username based on some well known password such as “password”, in order to get into the system.
Is there such a feature on the horizon?