You are here: Passwords > Customizing the Login Lockout Feature

Customizing the Login Lockout Feature

You can implement a Login Lockout feature that prevents users from attempting to log in after a certain number of failed attempts or within a certain timeframe. For example, a user types an incorrect password 3 times. After the third failed attempt he is no longer able to try again and the user account is locked for the time period you specify.

Depending on your choice of settings, when the attempt-threshold is reached a user's account can be suspended temporarily for a fixed length of time or disabled completely, requiring an Administrator to re-enable it. Once a user account has entered a timed lockout period, it is irreversible by the user, an Administrator or LearnCenter Owners.

The account lockout applies only to the current LearnCenter; if a user is a member of other LearnCenters (parent or sub), those accounts are unaffected. Settings for the Limited Login Attempts feature can be adjusted for each LearnCenter and sub LearnCenter. The following rules apply:

The functionality for limited login attempts consists of several options that can be used individually, in combination, or not at all. A setting of 0 turns off an individual option. The default value for each method is set to 0, so this feature is disabled until you enable it.

On the ControlPanel:

  1. Click   on the Options menu to expand it.
  2. Click Security.
  3. Scroll down if necessary to view the General panel.

  1. Click the Requires Login check box if you want to force users to log in with their user name and password each time they visit the LearnCenter.
    or
    Clear the check box if you do not want to force users to log in with their user name and password each time they visit the LearnCenter.

If you click this check box, users will not be able to see the information in dynamic objects placed on LearnCenter pages until they log in.

  1. Type the number of consecutive Account Lockout Threshold Attempts a user can make before the user's account is disabled. This method takes precedence over all other lockout methods. (An Administrator must re-enable a user’s disabled account.)
  2. Type the Account Lockout Consideration period in minutes in which the specified number of failed attempts must occur in order to disable the account. The timer begins at the first failed login. (An Administrator must re-enable a user’s disabled account.)
  3. Type the number of consecutive Timeout Lockout Threshold Attempts a user can make before the user's account is suspended (not disabled) for a specified time period.
  4. Type the Timeout Lockout Consideration period in minutes in which the specified number of failed attempts must occur in order to temporarily suspend the account. The timer begins at the first failed login. (When an account is suspended the user is locked out for a specified period of time, after which further login attempts can be made.)
  5. Type the Timeout Lockout Duration in minutes that an account suspension will last. This setting applies only to the timeout methods above that temporarily suspend an account; it has no bearing on Account Lockouts.

If you do not want to implement the Login Lockout feature for your LearnCenter, set all the fields above to 0.

  1. If your LearnCenter uses customized messages for failed logins, type the message you want to display for Username Not Found. This custom login message displays after an invalid login attempt when the username was incorrect.

Example: The username you entered is not in our system.

  1. If your LearnCenter uses customized messages for failed logins, type the message you want to display for Password Incorrect. This custom login message displays after an invalid login attempt when the password was incorrect.

Example: The password you entered is not correct.

  1. If your LearnCenter uses customized messages for failed logins and the Login Lockout feature, type the message you want to display when a user’s account is disabled for Account Lockout. This is the message that displays to alert the user that the account is disabled.

Example: Due to too many login attempts, your account is now disabled. Contact your System Administrator to re-enable your account.

  1. If your LearnCenter uses customized messages for failed logins and the Login Lockout feature, type the message you want to display when a user’s account is suspended due to Timeout Lockout. When using the Login Lockout feature, this message displays when the account is temporarily suspended.

Example: Due to too many login attempts, your account is temporarily suspended. Try again in 20 minutes.

Related Topics IconRelated Topics

Concept Link IconSee Also

 

Copyright © 2010-2015, Oracle and/or its affiliates. All rights reserved.