You are here: Passwords > Customizing the Login Lockout Feature
Customizing the Login Lockout Feature
You can implement a Login Lockout feature that prevents users from attempting to log in after a certain number of failed attempts or within a certain timeframe. For example, a user types an incorrect password 3 times. After the third failed attempt he is no longer able to try again and the user account is locked for the time period you specify.
Depending on your choice of settings, when the attempt-threshold is reached a user's account can be suspended temporarily for a fixed length of time or disabled completely, requiring an Administrator to re-enable it. Once a user account has entered a timed lockout period, it is irreversible by the user, an Administrator or LearnCenter Owners.
The account lockout applies only to the current LearnCenter; if a user is a member of other LearnCenters (parent or sub), those accounts are unaffected. Settings for the Limited Login Attempts feature can be adjusted for each LearnCenter and sub LearnCenter. The following rules apply:
- If a sub LearnCenter does not specify a setting, it inherits the setting of its parent.
- If it is enabled in the parent but not in the sub LearnCenter, it is enabled in both.
- If no value is specified in both the parent LearnCenter and its sub LearnCenter, this feature is disabled.
- The settings made in the sub LearnCenter override the settings of the parent, so you can have a sub LearnCenter enabled and not the parent.
- By changing the inherited settings in the sub LearnCenter to 0, the parent LearnCenter can be enabled and not the sub LearnCenter.
The functionality for limited login attempts consists of several options that can be used individually, in combination, or not at all. A setting of 0 turns off an individual option. The default value for each method is set to 0, so this feature is disabled until you enable it.
On the ControlPanel:
- Click
on the Options
menu to expand it.
- Click
Security.
- Scroll down if necessary to view the General panel.
- Click
the Requires Login check box if you
want to force users to log in with their user name and password each time
they visit the LearnCenter.
or
Clear the check box if you do not want to force users to log in with their
user name and password each time they visit the LearnCenter.
|
If you click this check
box, users will not be able to see the information in dynamic
objects placed on LearnCenter
pages until they log in.
|
- Type
the number of consecutive Account Lockout Threshold
Attempts a user can make before the user's account is disabled.
This method takes precedence over all other lockout methods. (An Administrator
must re-enable a user’s disabled account.)
- Type
the Account Lockout Consideration period
in minutes in which the specified number of failed attempts must occur
in order to disable the account. The timer begins at the first failed
login. (An Administrator must re-enable a user’s disabled account.)
- Type
the number of consecutive Timeout Lockout Threshold
Attempts a user can make before the user's account is suspended
(not disabled) for a specified time period.
- Type
the Timeout Lockout Consideration period
in minutes in which the specified number of failed attempts must occur
in order to temporarily suspend the account. The timer begins at the first
failed login. (When an account is suspended the user is locked out for
a specified period of time, after which further login attempts can be
made.)
- Type
the Timeout Lockout Duration in minutes
that an account suspension will last. This setting applies only to the
timeout methods above that temporarily suspend an account; it has no bearing
on Account Lockouts.
|
If you do not want to
implement the Login Lockout feature for your LearnCenter,
set all the fields above to 0.
|
- If your
LearnCenter uses
customized messages for failed logins, type the message you want to display
for Username Not Found. This custom login message displays after an invalid login attempt when the username was incorrect.
Example: The username you entered is not in our system.
- If your
LearnCenter uses
customized messages for failed logins, type the message you want to display
for Password Incorrect. This custom login message displays after an invalid login attempt when the password was incorrect.
Example: The password you entered is not correct.
- If your
LearnCenter uses
customized messages for failed logins and the Login Lockout feature, type
the message you want to display when a user’s account is disabled for Account Lockout. This is the message that displays to alert the user that the account is disabled.
Example: Due to too many login attempts, your account is now disabled. Contact your System Administrator to re-enable your account.
- If your
LearnCenter uses
customized messages for failed logins and the Login Lockout feature, type
the message you want to display when a user’s account is suspended due
to Timeout Lockout. When using the Login Lockout feature, this message displays when the account is temporarily suspended.
Example: Due to too many login attempts, your account is temporarily suspended. Try again in 20 minutes.
Related Topics
See Also
Copyright © 2010-2015, Oracle and/or its affiliates. All rights reserved.