I have to set up a server that will allow remote logins. Obviously security is an issue. In this first pass we are discussing:-
- Locking a person for 15 minutes if they fail to login correctly three times in succession over a five minute period.
- Locking them out totally and making them reset their password if they fail to login correctly, say, a dozen times in succession in any one 24 hour period.
It has been suggested to me that these settings are a bit harsh! Are there any guidelines on this? Information on the subject seems (from my Googles) somewhat limited.
Thank you...
Aucun commentaire:
Enregistrer un commentaire