Failed logins and lockout configuration

The Max Failed Logins property is part of the Authenticator configuration. To define a threshold, enter a positive integer in the Max Failed Logins property. Setting the failed login counter to 0 allows an infinite number of login failures without ever permanently locking the account (not recommended).

The example below shows the configuration of the Max Failed Logins setting in the Main Authenticator. If the Max Failed Logins counter is set to 5, the account will be locked with the sixth incorrect login attempt.

[Screenshot: Max Failed Logins setting in the Main Authenticator]

Other examples of Authenticator plugins that allow the configuration of the threshold are: Certificate Authenticator, Meta Authenticator.

Failure counters

The JSP-Loginapp can maintain two failed login counters:

Threshold: Max Failed Logins (Loginapp (JSP))

Configuration location: Main Authenticator Plugin (e.g. MAIN SETTINGS >> Main Authenticator)

Purpose: Keeps track of the number of failed login attempts that have occurred since the last successful login on a particular user account.

This counter is increased with each failed attempt, regardless of the factor in which the failure occurs. When the configured threshold value is reached, the account is locked.

This counter is reset to 0 with each successful login attempt (i.e. an authentication process where the user was successfully logged in).

Threshold: Maximum Failed Step-Up Attempts (Loginapp (JSP))

Configuration location: Loginapp >> Authentication Settings >> Step-Up Authentication

Purpose: Keeps track of the number of failed step-up attempts available on a particular user account.

This counter is increased with each failed step-up attempt. When the configured threshold value is reached, the account is locked.

This counter is reset to 0 with each successful step-up.
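
The counter behaviour described above can be checked against a small model before choosing thresholds. This is an added example, not code from the product: the Account class, its field names and the replay helper are hypothetical. It assumes the step-up counter uses the same boundary as the Max Failed Logins example (threshold 5, locked with the sixth failure), that the two counters do not affect each other, and that a locked account processes no further attempts.

```python
from __future__ import annotations
from dataclasses import dataclass

def exceeded(failed: int, threshold: int) -> bool:
    # 0 disables locking. Boundary follows the page's example for Max Failed
    # Logins (5 -> locked with the sixth failure); assumed the same for step-up.
    return threshold > 0 and failed > threshold

@dataclass
class Account:  # hypothetical model; names are not the product's
    max_failed_logins: int
    max_failed_step_ups: int
    failed_logins: int = 0
    failed_step_ups: int = 0
    locked: bool = False

    def login(self, ok: bool) -> None:
        if self.locked:
            return  # assumption: a locked account processes no further attempts
        # A successful login resets the counter, a failed one increments it.
        self.failed_logins = 0 if ok else self.failed_logins + 1
        self.locked = exceeded(self.failed_logins, self.max_failed_logins)

    def step_up(self, ok: bool) -> None:
        if self.locked:
            return
        # Only a successful step-up resets the step-up counter.
        self.failed_step_ups = 0 if ok else self.failed_step_ups + 1
        self.locked = exceeded(self.failed_step_ups, self.max_failed_step_ups)

def replay(account: Account, events: list[tuple[str, bool]]) -> int | None:
    """Apply (kind, ok) events; return the 1-based index of the locking event."""
    for i, (kind, ok) in enumerate(events, start=1):
        (account.login if kind == "login" else account.step_up)(ok)
        if account.locked:
            return i
    return None

if __name__ == "__main__":
    # Constructed event sequences, not real log data.
    fail, ok = ("login", False), ("login", True)
    print(replay(Account(5, 3), [fail] * 6))                      # 6
    print(replay(Account(5, 3), [fail] * 5 + [ok] + [fail] * 5))  # None
    print(replay(Account(0, 3), [fail] * 100))                    # None
```

The second sequence shows why the reset matters when sizing the threshold: ten failures never lock the account because a successful login in between clears the counter.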