The error message "Too many login attempts" and the subsequent blocking of the account are associated with what’s known as "brute force protection".
The activation of this function is a protective mechanism against hacker attacks.
The activation of this function is a protective mechanism against hacker attacks.
Note:
If brute force protection is not activated, a user can attempt to enter the right login details an infinite number of times.
Brute force protection is not activated by default.
Brute force protection is not activated by default.
The administrators determine how many incorrect attempts are permitted before the system blocks the user. This block can only be lifted by an administrator.
Note:
You require corresponding permissions for this ("access to Administration" + "Manage security").
You require corresponding permissions for this ("access to Administration" + "Manage security").
Where can brute force protection be activated?
You can find this area in the Administration under "Security". Here you can define for yourself how many incorrect attempts are permitted and how long the block should last.
If no block duration is entered, the user remains blocked until they are activated again by an administrator.
If no block duration is entered, the user remains blocked until they are activated again by an administrator.
You also get an overview here of all blocked members in your network.
What happens if the brute force protection is active and the password has been entered incorrectly too many times?
Once a user has entered an incorrect password too many times, they are immediately blocked.
There are now the following options for the user:
There are now the following options for the user:
- They wait until the block time elapses and then try to log in again.
- They require a link to reset the password and create a new password.
This only works once the block time has elapsed. - They contact the admin of the network and ask them to release the account.
