Failed login counter and two-factor authn.
17.4.1.18.1. Failed login counter and two-factor authentication for Loginapp (JSP)

Two-factor authentication without "step-up" (i.e. both factors are checked by the "Main Authenticator" or "Meta Authenticator"):

  • Every single failure increases the failure counter - independent of which authentication factor caused the failure.
  • Every full success over all the steps resets the failure counter - meaning all authentication factors required must be validated successfully.

Two-factor authentication with "step-up" (i.e. first factor is checked by the configured Authenticator; second factor on demand using the step-up configuration):

  • The first-factor result affects the "failed logins counter" and the threshold configured in the configured Authenticator is relevant.
  • The second factor (the step-up factor) affects the "failed step-up attempts" counter and the threshold configured in the step-up configuration is relevant.