By default, the system locks out a user after a number
of failed answer attempts to secret questions.
In case of failed answers, the FAILURE_TYPE is set to ANSWER in
the PLT_USER_LOGIN_FAILED table.
- The IPasswordPolicyForSecretAnswers interface associated with
the rule type = password secret answer can be used
to check for failed answers.
- Use the following parameters in the implementation class for validation.
You can configure the values for these parameters in the password
policy as required:
  - MaxFailedAnswers: Number of incorrect answers allowed within the
  interval specified in the attribute CheckIntervalMinutes.
  - CheckIntervalMinutes: Time interval (in minutes) allowed for incorrect
  answers, after which the answers are not validated and the user is
  locked out for this duration. For example, if the interval specified
  is 180 minutes and the number of wrong answers exceeds the allowed limit,
  the user is locked out for 3 hours. The user can log in again after
  the interval lapses.
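
The following sketch models how MaxFailedAnswers and CheckIntervalMinutes interact. It is an added example, not the product's code and not an IPasswordPolicyForSecretAnswers implementation. Assumptions: each failure is a constructed (FAILURE_TYPE, timestamp) pair, "PASSWORD" is a made-up non-answer type, and the lockout runs for CheckIntervalMinutes from the failure that exceeds the limit.

```python
from collections import deque
from datetime import datetime, timedelta


def locked_until(failures, now, max_failed_answers, check_interval_minutes):
    """Return when the lockout ends, or None if the user is not locked out.

    failures: iterable of (failure_type, failed_at) pairs (hypothetical shape).
    """
    window = timedelta(minutes=check_interval_minutes)
    recent = deque()   # ANSWER failures inside the current interval
    lock_end = None
    for failure_type, failed_at in sorted(failures, key=lambda f: f[1]):
        if failure_type != "ANSWER" or failed_at > now:
            continue   # only failed secret answers up to 'now' count
        if lock_end is not None and failed_at < lock_end:
            continue   # answers are not validated while locked out
        recent.append(failed_at)
        # Drop failures that fall outside the interval ending at this one.
        while recent and failed_at - recent[0] >= window:
            recent.popleft()
        if len(recent) > max_failed_answers:
            lock_end = failed_at + window   # assumed start of the lockout
            recent.clear()
    return lock_end if lock_end is not None and now < lock_end else None


# Constructed sample data: four wrong answers within 25 minutes.
BASE = datetime(2024, 1, 1, 9, 0)
SAMPLE_FAILURES = [
    ("PASSWORD", BASE),
    ("ANSWER", BASE + timedelta(minutes=5)),
    ("ANSWER", BASE + timedelta(minutes=10)),
    ("ANSWER", BASE + timedelta(minutes=20)),
    ("ANSWER", BASE + timedelta(minutes=30)),
]

if __name__ == "__main__":
    for minutes in (25, 60, 210):
        now = BASE + timedelta(minutes=minutes)
        print(now.time(), "locked until:", locked_until(SAMPLE_FAILURES, now, 3, 180))
```

With MaxFailedAnswers set to 3 and CheckIntervalMinutes set to 180, the fourth wrong answer at 09:30 locks the user until 12:30, while the same number of failures spread over more than 180 minutes does not.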