Monday, 2 March 2015

Security policy account locking (username/password)



I am currently working on an application with regard to applying a security policy to the application. We are locking the account after X failed login attempts in Y minutes. The account will be locked for Z minutes. I want to know whether the account should be locked if there are successive failed login attempts, or whether the account should be locked if there are failed attempts within the past Y minutes.

Ex.: failed login attempts = 3 within 10 mins. The user enters the wrong username/password 2 times, then logs in successfully the 3rd time. He then logs out and attempts a failed login. (All the attempts are within the 10 minutes.) Should the account be locked or not?

Thanks in advance
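Added example, not part of the original post: the two readings of the policy applied to the scenario in the question, so the difference in outcome is explicit. The function name, the event format, the minute values in the sample and the window boundary rule are assumptions; the lock duration Z is not modelled.

```python
from collections import deque

def lock_time(events, max_failures, window_min, reset_on_success):
    """Return the minute at which the account would lock, or None.

    events: (minute, succeeded) tuples in chronological order.
    reset_on_success=True  -> only failures since the last successful
                              login count ("successive" failures).
    reset_on_success=False -> every failure in the past window_min
                              minutes counts, successes are ignored.
    Assumption: a failure exactly window_min minutes old has expired.
    """
    recent_failures = deque()
    for minute, succeeded in events:
        # Expire failures that have fallen out of the Y-minute window.
        while recent_failures and minute - recent_failures[0] >= window_min:
            recent_failures.popleft()
        if succeeded:
            if reset_on_success:
                recent_failures.clear()
            continue
        recent_failures.append(minute)
        if len(recent_failures) >= max_failures:
            return minute
    return None

# Constructed timeline for the scenario in the question (X = 3, Y = 10):
# two failures, a successful login, then one more failure, all within
# ten minutes. The exact minute values are made up for illustration.
QUESTION_SCENARIO = [(0, False), (2, False), (4, True), (6, False)]

if __name__ == "__main__":
    for reset in (True, False):
        locked_at = lock_time(QUESTION_SCENARIO, 3, 10, reset)
        print(f"reset_on_success={reset}: locked at minute {locked_at}")
```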




