Configure the protection against brute force login attacks.
Brute force mode
The action to be performed when the maximum number of failed logins is exceeded.
| Mode | Description | Default |
|---|---|---|
| Disabled | Turn off brute force protection (not recommended) | |
| Lockout Permanently | Permanently locks the user account after reaching Max Login Failures | |
| Lockout Temporarily | Locks the user account for a defined period after reaching Max Login Failures | |
| Lockout Permanently After Temporary Lockout | First, apply temporary lockouts after failed attempts. If the user exceeds Maximum temporary lockouts, permanently lock the account | |
Max login failures
The maximum number of failed login attempts allowed before triggering the brute force defense.
Default value: 3
Maximum temporary lockouts
The maximum number of temporary lockouts a user can experience before a permanent lockout (when Brute Force Mode is Lockout Permanently After Temporary Lockout).
Default value: 1
Strategy to increase wait time
Determines how the waiting time increases after repeated failures.
| Option | Description | Default |
|---|---|---|
| Linear | Wait time increases by a fixed amount each time | |
| Multiple | Wait time grows exponentially with each failure | |
Wait Increment
The base time added to the wait period after each failure.
Default value: 15 minutes
Max wait
The maximum wait time allowed between login attempts.
Default value: 15 minutes
Failure Reset Time
The time window after which the failure count resets if no new failures occur.
Default value: 1 day
Quick login check milliseconds
The time frame to detect rapid consecutive login attempts (in milliseconds). For example, if set to 1000, multiple attempts within a 1-second period are flagged as suspicious.
Default value: 1000 milliseconds
Minimum quick login wait
The minimum enforced wait time when detecting quick login attempts. For example, if set to 10 seconds, the user must wait at least 10 seconds before retrying after a rapid attempt.
Default value: 1 minute
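
The following model is an added example, not the product's own code, showing how the settings above interact when a series of failed logins is replayed against one account. The mode labels, the formulas for Linear and Multiple (one increment per lockout versus doubling), and the choices to ignore attempts made during a wait and to restart the counter after each lockout are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Policy:                      # field defaults mirror the defaults listed on this page
    mode: str = "permanent_after_temporary"  # or "disabled"/"temporary"/"permanent" (labels made up here)
    max_login_failures: int = 3
    max_temporary_lockouts: int = 1
    strategy: str = "linear"       # or "multiple"
    wait_increment_s: int = 15 * 60
    max_wait_s: int = 15 * 60
    failure_reset_s: int = 24 * 3600
    quick_login_check_ms: int = 1000
    min_quick_login_wait_s: int = 60

def lockout_wait(p, n):
    """Seconds for the n-th temporary lockout (n >= 1), capped at Max wait; formulas are assumed."""
    factor = n if p.strategy == "linear" else 2 ** (n - 1)
    return min(p.wait_increment_s * factor, p.max_wait_s)

def simulate(p, failure_times_s):
    """Replay failed-login timestamps (seconds) for one account and list the events."""
    if p.mode == "disabled":
        return []
    events, failures, lockouts, last, locked_until = [], 0, 0, None, 0
    for t in failure_times_s:
        if t < locked_until:
            continue               # assumed: attempts during a wait are rejected, not counted
        if last is not None:
            if t - last >= p.failure_reset_s:
                failures = 0       # Failure Reset Time passed without new failures
            elif (t - last) * 1000 < p.quick_login_check_ms:
                locked_until = t + p.min_quick_login_wait_s
                events.append((t, "quick-login wait", p.min_quick_login_wait_s))
        failures, last = failures + 1, t
        if failures < p.max_login_failures:
            continue
        failures = 0               # assumed: the counter restarts after each lockout
        if p.mode == "permanent" or (
                p.mode == "permanent_after_temporary" and lockouts >= p.max_temporary_lockouts):
            events.append((t, "permanent lockout", None))
            break
        lockouts += 1
        wait = lockout_wait(p, lockouts)
        locked_until = t + wait
        events.append((t, "temporary lockout", wait))
    return events

if __name__ == "__main__":
    print(simulate(Policy(), [0, 10, 20, 1000, 1010, 1020]))  # constructed timestamps
```

With the defaults, Max wait equals Wait Increment, so in this model every temporary lockout lasts 15 minutes regardless of strategy; the two strategies only diverge once Max wait is raised above the increment.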