[keycloak-dev] Should failure count be reset on successful login
Marek Posolda
mposolda at redhat.com
Tue Apr 5 07:08:00 EDT 2016
On 05/04/16 09:46, Stian Thorgersen wrote:
> Currently [1] the failed login attempts are not reset on a successful
> login. This could cause a user with bad memory to lock the account
> over time. This can be prevented by setting "Failure Reset Time", but
> is that sufficient. Should we reset the failed login attempts on
> successful login?
I think that yes, I believe that's what most of the web-sites are doing
as well?
Marek
>
> [1] https://issues.jboss.org/browse/KEYCLOAK-2692
>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160405/596c8e66/attachment.html
More information about the keycloak-dev
mailing list