Developer forum

Security Admin section - Login Cool Down

Matthijs Hofstede
Some of our high-end customers are concerned about the security of the admin section of DynamicWeb.

One of the suggestions is that we build in a cool down function on the login. This means you have to wait some minutes before you can try to log in again after you type in a wrong password a couple of times.

Another suggestion was that we force users to change their password every couple of months and that we can set up some rules for the password (number of characters, must contain a special character).


Replies

 
Nicolai Høeg Pedersen
Hi Matthijs

Both are great ideas.

The user management does have a "secret" setting that enables the rules for passwords that you specify. It is used for some banks and public organizations. Will look into making it publicly available with 8.1.

 
Morten Bengtson
Hi Nicolai,

Will it be possible to have the same features in front-end login (extranet)?
  • "cool down"
  • disable user account after x failed login attempts (+ send e-mail notification to user and/or admin)
  • password expiration
  • password complexity requirements (length, characters/numbers/symbols)
Are any of these features available? I think there was something like this in the old Extranet, but I could not find any settings for it in management center. Can they be enabled somehow?

 
Rene Poulsen
An extra feature that would be nice is that the user shouldn't be able to change the password to a password that they have used before. We have a customer requesting that functionality.
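
The "cool down" and "disable user account after x failed login attempts" behaviour requested in this thread, sketched as an added example that is not part of any post and is not DynamicWeb code or its API. The class name, thresholds and return values are assumptions chosen for illustration.

```python
import time


class LoginThrottle:
    """Per-account failed-login tracking: cool-down first, then disable.

    Hypothetical helper; all thresholds below are assumed defaults.
    """

    def __init__(self, max_failures=3, cooldown_seconds=300,
                 disable_after=9, clock=time.monotonic):
        self.max_failures = max_failures          # failures that trigger a cool-down
        self.cooldown_seconds = cooldown_seconds  # length of the enforced wait
        self.disable_after = disable_after        # consecutive failures that disable
        self.clock = clock                        # injectable so tests can move time
        self._accounts = {}  # key -> (failures, blocked_until, disabled)

    def attempt(self, username, password_ok):
        """Return 'ok', 'denied', 'cooldown' or 'disabled' for one login try."""
        # Normalise the key so "Alice " and "alice" share one counter. Unknown
        # names are tracked too, so responses do not reveal which accounts exist.
        key = username.strip().lower()
        failures, blocked_until, disabled = self._accounts.get(key, (0, 0.0, False))

        if disabled:
            return "disabled"   # stays disabled until an admin re-enables it
        if self.clock() < blocked_until:
            return "cooldown"   # even a correct password is refused while waiting

        if password_ok:
            self._accounts.pop(key, None)   # success resets the counter
            return "ok"

        failures += 1
        if failures >= self.disable_after:
            self._accounts[key] = (failures, blocked_until, True)
            return "disabled"   # caller would e-mail the user and/or admin here
        if failures % self.max_failures == 0:
            blocked_until = self.clock() + self.cooldown_seconds
            self._accounts[key] = (failures, blocked_until, False)
            return "cooldown"
        self._accounts[key] = (failures, blocked_until, False)
        return "denied"
```

In production the counters would live in the user store rather than in process memory, so that they survive restarts and are shared across web servers.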