Prevent automated login attempts

Starting with this release, we have added protection against brute-force login attacks, which aim to gain access to user accounts by repeatedly trying to guess the username and password. A user account is locked out for a set period of time after a number of failed login attempts. In this way, Product 360 is able to prevent automated attacks. Failed attempts of the same user are counted individually on each server, regardless of where the request comes from, e.g. the Desktop UI, the Web UI or a REST call. The count of failed attempts is reset automatically once the lock period has elapsed, or when a login succeeds before maximumFailedAttempts has been reached. The maximum number of allowed attempts and the lock period are configurable with the following settings in plugin_customization.ini.
plugin_customization.ini
# Specifies the maximum number of failed login attempts with wrong password. If this number is reached, then the user account will be temporarily locked.
# Default value is 10.
com.heiler.ppm.security.server/security.preventLoginAttempts.maximumFailedAttempts = 10

# Specifies how long the user account will be temporarily locked if the maximum login attempts is reached.
# Default value is 1800 seconds (= 30 minutes).
com.heiler.ppm.security.server/security.preventLoginAttempts.lockPeriodInSecond = 1800
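
The rules above, modelled as an added Python example (not Product 360 code): the class and function names are hypothetical, and it assumes that logins during the lock period are rejected without being counted. daily_guess_budget shows how per-server counting multiplies the number of wrong passwords one account can absorb per day, which helps when choosing the two settings.

```python
# Model of the lockout rules described above; not Product 360 code.
# LockoutModel, load_policy and daily_guess_budget are hypothetical names.
PREFIX = "com.heiler.ppm.security.server/security.preventLoginAttempts."
SAMPLE_INI = (  # constructed sample using the documented default values
    PREFIX + "maximumFailedAttempts = 10\n"
    "# lock for 30 minutes\n"
    + PREFIX + "lockPeriodInSecond = 1800\n"
)

def load_policy(ini_text):
    """Return (maximumFailedAttempts, lockPeriodInSecond) from ini text."""
    values = {"maximumFailedAttempts": 10, "lockPeriodInSecond": 1800}  # defaults
    for line in ini_text.splitlines():
        key, sep, val = line.partition("=")
        if sep and key.strip().startswith(PREFIX):
            values[key.strip()[len(PREFIX):]] = int(val)
    return values["maximumFailedAttempts"], values["lockPeriodInSecond"]

class LockoutModel:
    def __init__(self, max_failed, lock_seconds):
        self.max_failed, self.lock_seconds = max_failed, lock_seconds
        self.failed = {}        # (server, user) -> failed logins since last reset
        self.locked_until = {}  # (server, user) -> time the lock ends

    def attempt(self, server, user, password_ok, now):
        key = (server, user)    # each server counts the same user separately
        if key in self.locked_until:
            if now < self.locked_until[key]:
                return "locked"  # assumption: rejected and not counted
            del self.locked_until[key]  # lock period reached: count resets
            self.failed[key] = 0
        if password_ok:
            self.failed[key] = 0  # success before the limit resets the count
            return "ok"
        self.failed[key] = self.failed.get(key, 0) + 1
        if self.failed[key] >= self.max_failed:
            self.locked_until[key] = now + self.lock_seconds
        return "failed"

def daily_guess_budget(max_failed, lock_seconds, servers=1):
    """Upper bound on wrong passwords accepted per account per 24 hours."""
    bursts = -(-86400 // lock_seconds)  # ceiling division
    return max_failed * bursts * servers

if __name__ == "__main__":
    limit, period = load_policy(SAMPLE_INI)
    print(limit, period, daily_guess_budget(limit, period, servers=2))
```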
