User Account Lockout Policy

What is Account Lockout Policy?

Account lockout policies lock out a user account when someone fails to log on to Ready Recruit multiple times in a row. We can usually assume that a legitimate user might type their password incorrectly once or twice, but not multiple times. Thus, multiple failed logons can indicate that someone is attempting a brute-force password attack (repeatedly guessing the password until they get it right).

 

What do you need to know?

This feature is already enabled on Ready Recruit in the production environment.

 

How to configure it?

The admin users will have the ability to customise these settings from the admin dashboard under the "Security Settings" section. Admin users will have 3 new options to keep the user accounts secure:

  • Account Lockout Threshold

    • The Account Lockout Threshold setting determines the number of failed log-in attempts that will cause a user account to be locked. The default setting will be 5 failed attempts. This means the account will be locked out after the 6th failed attempt. You can set a maximum value of 10 failed attempts, or you can specify that the account will never be locked by setting the value to "Do Not Lockout".

  • Account Lockout Duration

    • The Account Lockout Duration setting determines how long the account will be locked out for. The default setting will be 15 mins. This means the user account will be unlocked automatically after the 16th minute and the user can try again after that time.

  • Unlock Account Manually

    • When the Unlock Account Manually option is selected, the account will remain locked out until an administrator manually unlocks it from the user page on the admin dashboard.
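
The three settings above can be read as a small state machine. The following Python model is an added illustration, not Ready Recruit's own code; the class and function names, the reset of the failure counter on a successful log-in, and the exact unlock boundary are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

DO_NOT_LOCKOUT = None  # models the "Do Not Lockout" threshold value


@dataclass
class LockoutPolicy:
    threshold: Optional[int] = 5   # failed attempts tolerated (default from the page)
    duration_s: int = 15 * 60      # lockout duration in seconds (default 15 mins)
    manual_unlock: bool = False    # "Unlock Account Manually" option


@dataclass
class Account:
    failures: int = 0
    locked_at: Optional[float] = None  # time the lock started, None if not locked


def is_locked(acct: Account, policy: LockoutPolicy, now: float) -> bool:
    if acct.locked_at is None:
        return False
    if policy.manual_unlock:
        return True  # stays locked until an administrator unlocks it
    if now - acct.locked_at >= policy.duration_s:
        # Automatic unlock once the duration has elapsed (boundary is an assumption).
        acct.locked_at, acct.failures = None, 0
        return False
    return True


def attempt(acct: Account, policy: LockoutPolicy, password_ok: bool, now: float) -> str:
    """Process one log-in attempt; returns 'ok', 'failed' or 'locked'."""
    if is_locked(acct, policy, now):
        return "locked"  # even a correct password is refused while locked
    if password_ok:
        acct.failures = 0  # assumption: a successful log-in resets the counter
        return "ok"
    acct.failures += 1
    # With threshold 5, the 6th consecutive failure triggers the lock.
    if policy.threshold is not DO_NOT_LOCKOUT and acct.failures > policy.threshold:
        acct.locked_at = now
        return "locked"
    return "failed"


def admin_unlock(acct: Account) -> None:
    """Manual unlock by an administrator."""
    acct.locked_at, acct.failures = None, 0
```
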
