If you select the option, users need to set a password that must have at least one uppercase character, one digit, and one symbol character in the password. By default, the Strong Passwords option is deselected.

Set the length for password. The default value is 8 characters.

The number of times that a user cannot use a previous password as a new password. The default value is set as 0.

Number of days before a password expires and a password change is required.

The number of failed authentication that is allowed before the account is locked. By default this feature is deactivated. Set a value more than 0 to activate the feature. As a best practice, we recommend setting the value to 5.

Setting a value for Automatic Account Lockout Failure Count prevents a malicious user from trying many different passwords to login to an account. It locks an account if too many failed login attempts occur. The lockout can be temporary or permanent.

When activated, the following options are displayed:

To unlock a failed account:

• If the lockout was temporary, wait until the Automatic Lockout Duration is over.
• User can use the Forgot Password option to regenerate a new password in the user interface.
• You can send new token in a new verification email from the User Accounts page. User can click the verification link from that email.
• You can use the Unlock Account option in the User Accounts page for the user and unlock the account.
• If the lockout is permanent (Automatic Lockout Duration is set to 0), toggle the Account Locked option on the User Accounts page table, or from the User Access page. Click Update Account to save the changes.

When enabled, it prevents repeated attempts to login the account with invalid credentials. The Login Rate Limiting option is similar to the Automatic Account Lockout option and can be used in along with Automatic Account Lockout. The Login Rate Limiting option is used to throttle too many login attempts that occur with in a specified time window.

When enabled, the following options are displayed:

Enable Login Rate Limiting

• Login Rate Limiting prevents repeated attempts at logging in to an account with invalid credentials.

• Default value: deactivated.

Rate Limiting Time Window

• The time window during which the authentication attempt failure-count triggers rate limiting.

• The default value is 3600 seconds (one hour).

• A value is 0 is unlimited (really 720 days behind the scenes).

• The time window starts from the most recent failed login attempt, meaning that it keeps getting updated after every failed login attempt, which is different than how it works in Automatic Lockout Time Window.

Rate Limiting Timeout

• Specifies how long a user must wait before attempting another authentication attempt after a failed authentication.

• The default value is 10 seconds.

Use Rate Limiting Timeout Scaling

• The Rate Limiting Timeout Scaling uses the Rate Limiting Timeout to increase the wait time for each failed authentication attempt, up to 24 hours. The initial 3 attempts are not rate-limited.

• The default value deactivates the service.

• This option is provided, if a non-malicious user attempts to login and mistyped their password will not be throttled in any way. It allows the first 3 failed attempts to happen without any throttling at all and then the time out starts to grow for every group of 3 failed attempts after that. It uses the Rate Limiting Timeout value for how much the timeout grows by.