Locking users

Owned by Kiss, Mate
Jul 31, 2018
2 min read

The Verba System allows the system administrator to lock down user accounts as well as automatic lockout after a predefined number of invalid login attempts.  By utilizing the following two parameters this function is fully configurable by the system administrator:

User Lockout Threshold: The user lockout threshold sets the number of invalid logon attempts that are allowed before a user is locked out.  When lockout controls are used, they should be set to a value that balances the need to prevent user cracking and the needs of users having difficulty accessing their accounts.

The most common reason why users are not able to access their accounts is that they forget their passwords. If this is the case, several attempts may be needed to log in properly.

The lockout threshold can be set to any value between 0 and 999.  When the lockout threshold is set to zero, users will not be locked out on invalid login attempts.  Any other value sets a specific lockout threshold.  Keep in mind that the higher the lockout value is, the higher the risk that a hacker may be able to break into a system.

Reset User Lockout Threshold After: Every time a logon attempt fails, the system raises the value of the threshold that tracks the number of unsuccessful logon attempts. The "reset user lockout threshold after" setting determines how long the lockout threshold is kept. This threshold may be reset upon a successful login or if the preset waiting time for "reset user lockout threshold after" has elapsed since the last unsuccessful logon attempt.

By default, the lockout threshold is maintained for one minute, but any value can be set between 1 and 99,999 minutes.  Similar to the user lockout threshold, select a value that balances security needs against user access needs.  A good value is between one and two hours. This waiting period should be long enough to force hackers to wait longer than they want to before trying to access the system again.

For more information on setting these parameters, see Configuration settings for Verba Web Application.

Locked users can be unlocked on the user configuration page.  For more information see User Administration.