can we customize the User login failure attempts and the time of next login ?

can we customize the User login failure attempts and the time of next login ?

  

can we customize the login failure attempts and the time of next login ?

Hello Deepak,

I think you will find everything you need to setup this here: 

https://success.outsystems.com/Documentation/10/Managing_the_Applications_Lifecycle/Secure_the_Applications/Protection_against_Brute_Force_Attacks

Specially the last part: 

Configure Brute Force Protection

The protection of OutSystems applications against brute force attacks is configurable. To change the behavior, proceed as follows: 

  1. Log in to Service Center;

  2. Go to the Factory section and select the eSpaces option;

  3. Search for the Users module and open the page with the details;

  4. Select the Site Properties tab;

  5. Configure the protection in the Site Properties described in the table below.

Site PropertyDescription
EnableBruteForceProtectionEnables brute force login protection at user level.
MaxUsernameAttemptsFirstBackoffThe maximum number of login attempts for a user after which the first backoff protection is triggered.
The default value is 3 times.
MaxUsernameAttemptsSecondBackoffThe maximum number of login attempts for a user after which the second backoff protection is triggered.
The default value is 6 times.
UsernameAttemptsFirstBackoffDelayInSecondsAfter hitting the first backoff, it's the time that login attempts are blocked for a user.
The default value is 30 seconds.
UsernameAttemptsSecondBackoffDelayInSecondsAfter hitting the second backoff, it's the time that login attempts are blocked for a user.
The default value is 1800 seconds.
EnableBruteForceProtectionPerIPEnables brute force login protection at IP level.
MaxIPAttemptsFirstBackoffThe number of login attempts for an IP address after which the first backoff is triggered.
The default value is 20 times.
MaxIPAttemptsSecondBackoffThe number of login attempts from an IP address after which the second backoff is triggered.
The default value is 50 times.
IPAttemptsFirstBackoffDelayInSecondsAfter hitting the first backoff, it's the time that login attempts are blocked for an IP address.
The default value is 300 seconds.
IPAttemptsSecondBackoffDelayInSecondsAfter hitting the second backoff, it's the time that login attempts are blocked for an IP address.
The default value is 3600 seconds.
InvalidLoginCheckWindowInMinutesTime frame in minutes in which failed attempts are accounted.
Default value is 60 minutes.


Cheers.