https://community.telligent.com/community/11/w/user-documentation/71797/change-system-defaults-for-locking-out-usersen-US14.0.0.586 14https://community.telligent.com/community/11/w/user-documentation/71797/change-system-defaults-for-locking-out-usersFri, 25 Jun 2021 19:00:44 GMT7eebab44-306c-4149-bb72-293df109b1abTom Paoluccihttps://community.telligent.com/community/11/w/user-documentation/71797/change-system-defaults-for-locking-out-users#commentsCurrent Revision posted to User Documentation by Tom Paolucci on 06/25/2021 19:00:44<br /> <p>[toc]</p> <p>By default, Telligent Community Server locks a user out of the site after five incorrect attempts or failed attempts within a specific time interval. However, there are three values you can change in the web.config or communityserver.config file to affect these defaults:</p> <ul> <li>Number of bad attempts (for example, default five failed attempts)</li> <li>Period during which bad attempts are counted (for example, default failed attempt period of five minutes)</li> <li>Amount of time the account is locked out (for example, default lockout of five minutes)</li> </ul> <h4 id="change_number_of_attempts"><a name="Change_number_of_attempts"></a>Change number of attempts that triggers lockout</h4> <p>To change the number of login attempts that will trigger an account lockout:</p> <p>Search for the following entry in the web.config file:</p> <p>maxInvalidPasswordAttempts=&quot;5&quot;</p> <p>and replace &quot;5&quot; with the desired number of failed attempts you want to allow, for example 3 attempts:</p> <p>maxInvalidPasswordAttempts=&quot;3&quot;</p> <p>Save the file.</p> <h4 id="change_attempt_counting_period"><a name="Change_attempt_counting_period"></a>Change failed attempt period that triggers the lockout</h4> <p>The default period for counting failed attempts is five minutes. To change the attempt count period:</p> <p>Search for the following entry in the<span style="font-family:courier new,courier;"> web.config</span> file:</p> <p>passwordAttemptWindow=&quot;5&quot;</p> <p>and replace &quot;5&quot; with the desired number of minutes you want the failure cycle to contain. For example, shortening the period will allow the incorrect attempts to reset more quickly, for example 3 minutes:</p> <p>passwordAttemptWindow=&quot;3&quot;</p> <p>Save the file.</p> <h4 id="change_lockout_period"><a name="Change_lockout_period"></a>Change how long the lockout lasts</h4> <p>Once the maximum number of attempts has occurred or the attempt counting period is used up, the system will lock out the user account. To change this lock period:</p> <p>Search for the following entry in the <span style="font-family:courier new,courier;">communityserver.config</span> file:</p> <p>unlockUserAfterMinutes=&quot;5&quot;</p> <p>and replace &quot;5&quot; with the desired number of minutes you want the user to wait before his/her password will be reset, for example 3 minutes after the lockout is initiated:</p> <p>unlockUserAfterMinutes=&quot;3&quot;</p> <p class="tdocs-note">&nbsp;Use&nbsp;-1&nbsp;to&nbsp;never&nbsp;automatically&nbsp;unlock&nbsp;an&nbsp;account.</p> <p id="unlock_a_users_account">Save the file.</p><div style="clear:both;"></div>