2
I was putting the lock after 3 wrong attempts on login, however I found in some forums that when hold malicious tries to force multiple passwords he will not use the email fields and password, this lock needs to be done by firebase rules to where I found, but I couldn’t find a light to make the rules. This is true and it is also possible to do this blocking by firebase.