Password expiration date
To set a password expiration date:
1. In the administrative panel, go to Security settings, then select the Password expiration subsection.
2. Tick the checkbox enabled.
By default, the system will set the expiration date to 90 days; after this time, you need to change the password.
However, you can select your own expiration date.
Password protection against brute force attacks
To set protection against brute force attacks, go to the Security settings section, then to the Brute Force Attack Prevention subsection.
Set the required parameters and click Save.
Use CAPTCHA – Use captcha - enable/disable
(Time) Interval_for_check - the duration for which a person is blocked from the system (specified number = in seconds). The system will register the number of attempts and increase blocking time with each attempt. Default value: 21600 sec. After the specified time has elapsed, the number of attempts and blocking time for the user are updated.
ATTEMPT - The number of unsuccessful login attempts, after which user’s account is blocked.
- First by DELAY_SECONDS,
- Each additional incorrect attempt will increase the time by the number set in “DELAY_SECONDS_FOR_EXTRA_ATTEMPT.” You can enter an integer from 1 to 99 in the field.
DELAY_SECONDS is the length of time a user will be blocked from the login page when the user exceeds the allowed ATTEMPT (specified number = in seconds). The default value is 60.
Afterwards, the time between attempts is delayed by 5 seconds:
- On the 6th attempt, the time increases to 15 seconds
- On the 7th attempt, the time increases to 20 seconds.
DELAY_SECONDS_FOR_EXTRA_ATTEMPT - Blocking interval.
If after the first login lockout, the user continues to enter incorrect data: the lockout time increases from the previous lockout time by the amount specified in the lockout interval (specified number = in seconds). Default value: 0
captcha_invalid_authorizations - the number of incorrect login attempts N, after which the user is shown the Captcha test.
It is possible to add a rule with a different number of attempts and set the blocking time and interval by clicking Delay for the attempt number.