In this Article

New in Telligent Enterprise 3.0: After five incorrect login attempts on an account, the account is locked for five minutes. The values are configurable.

This feature is for Forms authentication only. If you are using Windows Authentication, consider creating a group lockout policy.

Telligent Enterprise 3.0 contains a default feature that locks out an account if a user makes five incorrect login attempts over the space of five minutes. The lockout lasts five minutes, meaning that the attempts reset every five minutes while the account is experiencing a lockout.The user is redirected to an error page.

The user is also emailed a message stating that his/her account has been locked out in case someone has tried to crack the account password.

Despite the default values, the following aspects of this lockout can be changed in configuration files:

  • Number of bad attempts (e.g., default five attempts)
  • Period during which bad attempts are counted (e.g., default five minutes)
  • Amount of time the account is locked out (e.g., default five minutes)

Change lockout defaults

You can configure the default lockout values.

Change number of attempts

Search for the following entry in the web.config file:

maxInvalidPasswordAttempts="5"

and replace "5" with the desired number of failed attempts you want to allow, for example 3 attempts:

maxInvalidPasswordAttempts="3"

Save the file.

Change attempt counting period

Search for the following entry in the web.config file:

passwordAttemptWindow="5"

and replace "5" with the desired number of minutes you want the failure cycle to contain. For example, shortening the period will allow the incorrect attempts to reset more quickly, for example 3 minutes:

passwordAttemptWindow="3"

Save the file.

Change lockout period

Search for the following entry in the communityserver.config file:

unlockUserAfterMinutes="5"

and replace "5" with the desired number of minutes you want the user to wait before his/her password will be reset, for example 3 minutes after the lockout is initiated:

unlockUserAfterMinutes="3"

 

Use -1 to never automatically unlock an account.

    Save the file.

    Unlock a user's account

    1. Navigate to Control Panel Dashboard > System Administration > Membership Administration > Members and Roles > Manage Users.
    2. Search for the user.
    3. Next to the User ID, click Edit. The Admin tab appears.
    4. Locate the yellow alert field ("This account has been locked due to a high number of incorrect password attempts").

    5. Click Unlock. The yellow alert turns green and the user account is unlocked.