Account lockout is a security feature designed to protect user accounts from brute-force and dictionary attacks against the login form (online password guessing). This document explains how account lockout works and the configuration options available.

What is Account Lockout?

Account lockout is a security measure that locks a user account after a configured number of consecutive failed login attempts. Because the account becomes unusable once the threshold is reached, an attacker gets only a handful of guesses per account before being stopped, which makes trying password after password until one works impractical.

How Account Lockout Works

  1. Threshold: Each failed login increments a per-account counter of consecutive failures, and a successful login resets it to zero. When the counter reaches the configured threshold, the account is locked and further login attempts are rejected regardless of the password supplied, so a locked account gives the attacker no feedback on whether a guess was correct.
  2. Lockout Duration: The account stays locked for the configured duration. When the duration expires, the account unlocks automatically and the failure counter starts again from zero.
  3. Lockout Notification: Optionally, the user is notified when their account is locked, so they can report lockouts they did not cause themselves.
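The three steps above together form a small state machine per account. The following is an added example written for this page, not code from the product this document describes: it tracks consecutive failures, locks at the threshold, rejects attempts while locked without checking the password, unlocks after the duration, and calls a notification hook. The user store, the `LockoutPolicy` name and the injectable clock are assumptions made for the example.

```python
"""Account lockout state machine (added example, not the page's own code)."""
import hmac
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Hypothetical credential store for the example: username -> password.
# Constructed sample data; a real system would store salted hashes.
USERS = {"alice": "correct-horse", "bob": "battery-staple"}


@dataclass
class AccountState:
    failed_attempts: int = 0          # consecutive failures since last success
    locked_until: Optional[float] = None


@dataclass
class LockoutPolicy:
    threshold: int = 5                # failed attempts before the lock engages
    lockout_seconds: float = 900      # how long the lock lasts (15 minutes)
    notify: Optional[Callable[[str], None]] = None   # called with the username on lock
    now: Callable[[], float] = field(default=time.time)  # clock, injectable for tests
    _accounts: Dict[str, AccountState] = field(default_factory=dict)

    def _state(self, user: str) -> AccountState:
        return self._accounts.setdefault(user, AccountState())

    def is_locked(self, user: str) -> bool:
        st = self._state(user)
        if st.locked_until is None:
            return False
        if self.now() >= st.locked_until:
            # Lockout duration has expired: unlock and start counting fresh.
            st.locked_until = None
            st.failed_attempts = 0
            return False
        return True

    def attempt_login(self, user: str, password: str) -> str:
        """Return 'ok', 'denied' (wrong password) or 'locked'."""
        st = self._state(user)
        if self.is_locked(user):
            # Reject before looking at the password, so a locked account leaks
            # nothing about whether this particular guess was right.
            return "locked"
        expected = USERS.get(user)
        # Constant-time comparison; unknown users fall through to a failure so
        # the response does not reveal which usernames exist.
        if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
            st.failed_attempts = 0
            return "ok"
        st.failed_attempts += 1
        if st.failed_attempts >= self.threshold:
            st.locked_until = self.now() + self.lockout_seconds
            if self.notify:
                self.notify(user)
            return "locked"
        return "denied"


def demo():
    """Walk one account through lock, rejection while locked, and auto-unlock."""
    clock = [1000.0]
    notified = []
    policy = LockoutPolicy(threshold=3, lockout_seconds=60,
                           notify=notified.append, now=lambda: clock[0])
    results = [policy.attempt_login("alice", "wrong") for _ in range(3)]
    while_locked = policy.attempt_login("alice", "correct-horse")  # right password, still refused
    clock[0] += 61                                                 # lockout duration elapses
    after_unlock = policy.attempt_login("alice", "correct-horse")
    # A success resets the counter: two failures, a success, two more failures -> no lock.
    seq = ["wrong", "wrong", "battery-staple", "wrong", "wrong"]
    bob = [policy.attempt_login("bob", p) for p in seq]
    return results, while_locked, after_unlock, notified, bob


if __name__ == "__main__":
    print(demo())
```

The point worth noting is the order of checks in `attempt_login`: the lock is evaluated before the password, so an attacker cannot keep probing a locked account and learn from the difference between "wrong password" and "locked".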

Configuration Options

  1. Failed Login Threshold: The number of consecutive failed login attempts permitted before the account is locked.
  2. Lockout Duration: How long the account stays locked before it unlocks automatically.
  3. Notification Settings: Whether the user is notified when their account is locked.

Best Practices

  • Set a Reasonable Threshold: Too low a threshold locks out legitimate users who mistype their password a couple of times; too high a threshold gives an attacker many guesses per account before the lock engages and leaves your accounts exposed to brute-force attacks.
  • Configure Lockout Duration: Set a lockout duration that is long enough to slow an attacker down but not so long that it inconveniences legitimate users. Keep in mind that lockout can be turned against you: an attacker who knows valid usernames can trigger lockouts deliberately to deny those users access, so an automatic unlock after a moderate duration limits the damage of such a denial of service.
  • Monitor Lockout Events: Regularly review lockout events to identify potential security threats. Many different accounts locked from one source in a short period points to password spraying or deliberate lockout abuse; one account locked again and again points to a targeted guessing attack.
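To make the monitoring bullet concrete, here is an added example (not part of the original page or the product it describes) that runs the two checks just described over constructed lockout log lines. The log format `<timestamp> LOCKOUT user=<name> src=<ip>`, the sample addresses (drawn from the documentation-only TEST-NET ranges) and the alert thresholds are all assumptions made for the example.

```python
"""Triage lockout events for spraying and targeted guessing (added example)."""
import re
from collections import defaultdict
from typing import List, Tuple

# Constructed sample lockout events in a hypothetical log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z LOCKOUT user=alice src=203.0.113.5
2024-05-01T10:00:04Z LOCKOUT user=bob src=203.0.113.5
2024-05-01T10:00:09Z LOCKOUT user=carol src=203.0.113.5
2024-05-01T10:00:12Z LOCKOUT user=dave src=203.0.113.5
2024-05-01T10:15:30Z LOCKOUT user=erin src=198.51.100.7
2024-05-01T10:31:02Z LOCKOUT user=erin src=198.51.100.7
2024-05-01T10:46:40Z LOCKOUT user=erin src=198.51.100.7
2024-05-01T11:02:11Z LOCKOUT user=frank src=192.0.2.44
"""

LINE_RE = re.compile(r"^(\S+) LOCKOUT user=(\S+) src=(\S+)$")


def parse_events(text: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, user, src) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m.group(1), m.group(2), m.group(3)))
    return events


def analyse(events, spray_accounts: int = 3, repeat_lockouts: int = 3):
    """Flag sources that lock many distinct accounts and accounts locked repeatedly.

    spray_accounts:  distinct accounts one source must lock to be reported.
    repeat_lockouts: lockouts of one account needed to report it as targeted.
    """
    accounts_by_src = defaultdict(set)
    lockouts_by_user = defaultdict(int)
    for _ts, user, src in events:
        accounts_by_src[src].add(user)
        lockouts_by_user[user] += 1

    findings = []
    for src, users in accounts_by_src.items():
        if len(users) >= spray_accounts:
            # One client locking many accounts: password spraying or lockout abuse.
            findings.append(("spray_or_lockout_abuse", src, sorted(users)))
    for user, count in lockouts_by_user.items():
        if count >= repeat_lockouts:
            # One account locked over and over: someone is working on that password.
            findings.append(("targeted_guessing", user, count))
    return findings


def run_sample():
    return analyse(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

In the sample, 203.0.113.5 locks four different accounts within eleven seconds and erin is locked three times from the same address; frank's single lockout is the kind of event that usually turns out to be a forgotten password and is left unreported.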

For more information on account lockout, please visit our Account Lockout Configuration Guide.
