Previous Topic: Password Expires from Inactivity SettingsNext Topic: Configure Password Composition


Incorrect Password Settings

In the Incorrect Password settings section, you can specify how many failed logins are allowed before disabling the user account. You can also specify how long the account is disabled before a user can attempt to log in again. This section applies only when you have selected the Track Failed Logins check box.

Note: This setting requires additional configuration. See Enable Additional Password Policies.

The Incorrect Password section contains the following fields:

Account disabled after <number> successive incorrect passwords

This setting determines the number of consecutive failed log-in attempts a user can make. Limiting the number of unsuccessful attempts protects against programs that are designed to access a resource by repeatedly trying passwords until the correct one is found. If a user fails to log in correctly after the specified number of attempts, CA Identity Manager disables the account. An administrator is required to reenable the account.

After <number> minutes

This setting determines the length of time that a user waits before making another login attempt or their account is reenabled. If the user enters another incorrect password, CA Identity Manager disables the account again. The user waits the specified amount of time before trying again.

Allow one login attempt

This setting specifies the number of minutes after a user enters an incorrect password before one additional log-in attempt.

Re-enable account

This setting reenables an account after the specified number of minutes.