After five incorrect login attempts on an account, Telligent Community Server locks out the account for five minutes. This value is configurable.
This feature is only for Forms Authentication. If you are using Windows Authentication, consider creating a group lockout policy.
Community Server locks a user out by default if he/she makes five incorrect login attempts over the space of five minutes. The lockout period itself lasts five minutes, meaning that the attempt counter resets every five minutes while the account is locked out.
When the lockout occurs, the user is redirected to an error page.
The user is also emailed a message stating that his/her account has been locked out, informing him/her in case someone has tried to crack the password.
The following aspects of this lockout can be changed in configuration files:
- Number of bad attempts (for example, default of five attempts)
- Period during which bad attempts are counted (for example, default five minutes)
- Amount of time the account is locked out (for example, default five minutes)