On 05/04/16 09:46, Stian Thorgersen wrote:
Currently [1] the failed login attempts are not reset on a successful
login. This could cause a user with bad memory to lock the account
over time. This can be prevented by setting "Failure Reset Time", but
is that sufficient. Should we reset the failed login attempts on
successful login?
I think that yes, I believe that's what most of the web-sites
are doing
as well?
Marek
[1]
https://issues.jboss.org/browse/KEYCLOAK-2692
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev