U4-8645 - Usermanagement - Reset lockout after x minutes

Created by Jeffrey Schoemaker 22 Jun 2016, 15:12:59 Updated by Jeffrey Schoemaker 22 Jun 2016, 15:12:59

After 10 incorrect login attempt a backoffice-user is locked out to avoid brute force attacks (ripped of the excellent page umbraco.com/security) => The field userNoConsole in the table umbracoUser is set to 1. The only way to unlock a user is to update the table and set it back to 0 again.

Preferably you could specify a timeout and after that time the lockout is reset. By default that could be 10 minutes. In that way it's practically impossible to bruteforce Umbraco.

Comments

Priority: Normal

Type: Feature (request)

State: Submitted

Assignee:

Difficulty: Normal

Category:

Backwards Compatible: True

Fix Submitted:

Affected versions:

Due in version:

Sprint:

Story Points:

Cycle: