Skip to main content

Brute force detection

Brute force detection identifies an attempt to guess a user’s password. With brute force detection, the user's account is temporarily disabled after a certain number and frequency of login failures. The user account is disabled for one minute if:

  • The user enters incorrect credentials twice within a second. This means that someone tries to guess the password programmatically.

  • The user fails to enter correct credentials 5 times. After the account is disabled, every unsuccessful attempt increases the lock by one minute, up to one hour.