How do I set login protection restrictions?

Purpose

NSP can temporarily or permanently lock out users for login failures. This includes managing repeated failed login attempts, such as in brute force attacks.

Temporary lockout

A user that reaches a specified number of consecutive failed login attempts can be temporarily disabled for a specified wait interval. During the wait interval, further login attempts by the user are not processed. After the wait interval, OAUTH2 processes new login attempts by the user. If user login attempts continue to fail, the login attempts are subsequently disabled for incrementally longer periods, up to a configurable maximum. Temporary lockout protection is configured by default.

Temporary lockout applies to local and external authentication source users.

Permanent lockout

OAUTH2 can automatically lock out a user after a specified number of consecutive login failures. The user is prevented from logging in until an administrator un-suspends the user account.

Permanent lockout applies only to local NSP users, and not to users defined in external authentication sources.

Quick Login protection

The Temporary Lockout and Permanent Lockout functions both include Quick Login protection. This feature prevents unrealistically fast login attempts that might originate from a tool or script. If two consecutive login attempts occur in less than a minimum time interval, a brief lockout is enforced before another login attempt can occur.

Steps
 

1. Open Users and System Security.

2. Click More Actions, Settings.

3. In the Users and System Security Settings form, click Brute Force Detection.

4. Select a brute force detection mechanism from the Brute Force Detection menu. Based on your selection, complete Step 5 or Step 6.

To disable login protection, select Disabled from the menu and click Save.

5. Configure Temporary Lockout protection restrictions as follows:

Maximum Login Failures

Number of allowed login failures before a temporary lockout.

Wait Increment (Seconds)

Temporary lockout time applied when the Maximum Login Failures threshold is reached.

Maximum Wait (Minutes)

Maximum temporary lockout duration.

Failure reset time (Hours)

Number of hours after which the login failure count automatically resets.

Quick Login Check (Milliseconds)

Minimum interval between two consecutive login failures; a shorter interval triggers a wait period, as specified by the Minimum Quick Login Wait parameter.

Minimum Quick Login Wait (Seconds)

Lockout duration triggered by a Quick Login Check violation.

6. Configure Permanent Lockout protection restrictions as follows:

Maximum Login Failures

Number of allowed login failures before a permanent lockout.

Quick Login Check (Milliseconds)

Minimum interval between two consecutive login failures; a shorter interval triggers a wait period, as specified by the Minimum Quick Login Wait parameter.

Minimum Quick Login Wait (Seconds)

Lockout duration triggered by a Quick Login Check violation.

7. Click Save.

End of steps
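
To see how the Temporary Lockout parameters interact before choosing values, the following added example (not NSP code) replays failed-login timestamps against a simple model of the policy. The names `TemporaryLockout`, `replay` and `processed_attempts`, the sample values, and the linear growth rule (one Wait Increment per Maximum Login Failures failures reached) are assumptions; the page does not state the exact formula NSP uses.

```python
from dataclasses import dataclass

@dataclass
class TemporaryLockout:
    # Fields mirror the form's parameters; values are constructed, not NSP defaults.
    max_login_failures: int = 3
    wait_increment_s: int = 60
    max_wait_min: int = 5
    failure_reset_h: int = 12
    quick_login_check_ms: int = 1000
    min_quick_login_wait_s: int = 30

def replay(policy, failure_times_s):
    """Replay one user's failed-login timestamps (seconds).
    Returns (time, processed, lockout_seconds) for each attempt."""
    failures, last, locked_until, out = 0, None, 0.0, []
    for t in failure_times_s:
        if t < locked_until:
            # Attempts inside the wait interval are not processed.
            out.append((t, False, 0))
            continue
        if last is not None and t - last >= policy.failure_reset_h * 3600:
            failures = 0  # Failure reset time elapsed
        failures += 1
        # Assumed growth rule: one Wait Increment per Maximum Login Failures
        # failures reached, capped at Maximum Wait.
        wait = min(policy.wait_increment_s * (failures // policy.max_login_failures),
                   policy.max_wait_min * 60)
        # Quick Login Check: two failures closer together than the threshold.
        if last is not None and (t - last) * 1000 < policy.quick_login_check_ms:
            wait = max(wait, policy.min_quick_login_wait_s)
        last, locked_until = t, t + wait
        out.append((t, True, wait))
    return out

def processed_attempts(policy, horizon_s, every_s):
    """Count attempts that get processed when a client retries every `every_s` seconds."""
    times = [i * every_s for i in range(int(horizon_s // every_s))]
    return sum(1 for _, ok, _ in replay(policy, times) if ok)
```

With these constructed values, a client retrying once per second has only 20 attempts processed in the first hour, which is the kind of figure to compare when tuning Wait Increment and Maximum Wait.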