10

Account lockout process is too aggressive

The process that locks portal accounts is too aggressive - locking the account for a significant time after a small number of attempts.

The system should increase the number of allowed failed logons to 5, and decrease the lockout period to 30 minutes. In addition, the system should reflect back to the user when the account will be unlocked on the attempt that causes the lockout.

7 comments, 10 total votes

Please sign in to leave a comment.