System settingsOptionsLogin

Login

You can set the login policy setting per database. If you select the Enable Login Policy check box, consecutive failed login attempts are monitored based on the policy settings. Users can be locked out once, twice, or have their account disabled.

The Disable Auto Login option disables users selecting the Auto Login option in PSIsafe Desktop login window.

There are three stages of login policy enforcement.

Stage 1

When a user's consecutive failed login attempts reaches the "Number of failed attempts before first lockout" setting, the user is first locked out for a specified duration obtained from the setting Duration of first lockout (min). During this lockout time, the user is not allowed to log in and will receive the Account temporarily locked out message.

Stage 2

After the lockout duration has elapsed, a successful login resets the failed attempts count, but if the failed logins persist and the number of attempts reaches the sum of "Number of failed attempts before second lockout and after first lockout" and the "Number of failed attempts before first lockout" settings, the user is locked out again for a specified duration obtained from the setting Duration of second lockout (min). During this lockout time, the user cannot log in and receives the Account temporarily locked out message.

Stage 3

After the second lockout duration has elapsed, a successful login resets the failed attempts count, but if the next login attempt results in a failure, the user account is disabled and requires the system administrator to enable the account. The message received immediately after this is Account disabled due to security policy violation. Please contact your administrator. Any further failed attempts displays the generic Account disabled. Please contact your administrator message.

Default configuration is the following:

  • Login Failure Policy is not enabled (client checks Enable Policy).
  • Number of failed attempts before first lockout: 3.
  • Duration of first lockout: 2 minutes.
  • Number of failed attempts before second lockout and after first lockout: 3.
  • Duration of second lockout: 2 minutes.

Click Save to apply any changes.

The Login Failure Policy and its settings can be enabled or modified only by the system administrator and can be accessed from the System > Settings section in PSIsafe Desktop Management.