diff --git a/README.md b/README.md index 2482856f..20b0b077 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,11 @@ password failures. It updates firewall rules to reject the IP address. These rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones. +Fail2Ban is able to reduce the rate of incorrect authentications attempts +however it cannot eliminate the risk that weak authentication presents. +Configure services to use only two factor or public/private authentication +mechanisms if you really want to protect services. + This README is a quick introduction to Fail2ban. More documentation, FAQ, HOWTOs are available in fail2ban(1) manpage and on the website http://www.fail2ban.org diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf index 8d39f412..92b6ed19 100644 --- a/config/filter.d/sshd.conf +++ b/config/filter.d/sshd.conf @@ -1,5 +1,8 @@ # Fail2Ban filter for openssh # +# If you want to protect OpenSSH from being bruteforced by password +# authentication then get public key authentication working before disabling +# PasswordAuthentication in sshd.conf. [INCLUDES] diff --git a/man/fail2ban.1 b/man/fail2ban.1 index 8f93dbc7..660168f1 100644 --- a/man/fail2ban.1 +++ b/man/fail2ban.1 
@@ -25,6 +25,17 @@ For testing regular expressions specified in a filter using the fail2ban-regex program may be of use and its manual page is fail2ban-regex(1). +.SH LIMITATION + +Fail2Ban is able to reduce the rate of incorrect authentications attempts +however it cannot eliminate the risk that weak authentication presents. +Configure services to use only two factor or public/private authentication +mechanisms if you really want to protect services. + +A local user is able to inject messages into syslog and using a Fail2Ban +jail that reads from syslog, they can effectively trigger a DoS attack against +any IP. Know this risk and configure Fail2Ban/grant shell access acordingly. + .SH FILES \fI/etc/fail2ban/*\fR .SH AUTHOR
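Review bot: In the README.md hunk, the first added sentence has a grammar slip ("incorrect authentications attempts") and the third line names the mechanism loosely as "public/private authentication". Suggest "incorrect authentication attempts", a comma before "however", and "two-factor or public/private key authentication" so the recommendation is unambiguous. The same paragraph is repeated verbatim in the man page hunk, so whatever wording is settled on here should be applied there too.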
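Review bot: In the config/filter.d/sshd.conf hunk, the last added comment line says to disable PasswordAuthentication "in sshd.conf", but that directive belongs to the OpenSSH server configuration file, sshd_config, and the comment itself lives in a Fail2Ban file named sshd.conf, so a reader can take it to mean this filter file. Suggest "PasswordAuthentication in sshd_config". The sentence also reads more clearly as two steps: get public key authentication working first, then disable password authentication.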
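Review bot: In the man/fail2ban.1 hunk, the closing sentence of the syslog paragraph, "Know this risk and configure Fail2Ban/grant shell access acordingly", misspells "accordingly" and does not tell the administrator what to do. Suggest saying which choice is meant, for example avoiding jails that read from syslog on hosts where untrusted local users have shell access, or restricting shell access on hosts that run such jails. The new section documents two separate limitations under ".SH LIMITATION", so a plural heading would fit better, and the first paragraph carries the same "authentications attempts" wording as the README hunk.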