Lockout Mechanism
Introduction
The Password Lockout Mechanism in Joget is designed to protect user accounts from attacks by disabling the account after a certain number of failed login attempts. This feature enhances security by preventing unauthorized access through repeated password guesses.
How does it work?
The Lockout Mechanism is activated when a user enters an incorrect password a specified number of times. Once the threshold is reached, the account is locked, and the user is prevented from logging in. This policy prevents attackers from brute-forcing users' passwords.
To configure this mechanism, administrators can adjust settings in the Security Enhanced Directory Manager plugin.
Follow these steps to configure the Lockout Mechanism:
- Go to System Settings > Directory Manager Settings.
- Go to Select Plugin to choose Security Enhanced Directory Manager and click the blue Select button.
- In the General section, set the number of Failed Login Attempts for Account Lockout.
- Specify the Account Lockout Period (Minutes) (e.g., 10 minutes, 20 minutes, 30 minutes).
- After configuring the lockout parameters, click Submit to save the changes.
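To help choose values for the two settings, the following model is an added example (not Joget's code) that counts how many password guesses are actually checked against one account in a time window. It assumes the lock lifts on its own after the lockout period, the failure counter resets on a successful login or when the lock expires, and one guess is submitted per second; the class and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class LockoutPolicy:
    """The two settings from this page (a model, not Joget's implementation)."""
    failed_attempts: int   # "Failed Login Attempts for Account Lockout"
    lockout_minutes: int   # "Account Lockout Period (Minutes)"


class Account:
    def __init__(self, policy, password):
        self.policy = policy
        self._password = password   # kept in plain text only to keep the model short
        self.failures = 0
        self.locked_until = None    # second at which the lock expires

    def login(self, attempt, now):
        """Return 'ok', 'denied' or 'locked'. `now` is in whole seconds."""
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"     # a correct password is refused too
            self.locked_until = None  # assumption: the lock expires by itself
            self.failures = 0
        if attempt == self._password:
            self.failures = 0       # assumption: success resets the counter
            return "ok"
        self.failures += 1
        if self.failures >= self.policy.failed_attempts:
            self.locked_until = now + self.policy.lockout_minutes * 60
        return "denied"


def guesses_tested(policy, window_minutes):
    """Wrong guesses actually evaluated when one guess is sent per second."""
    account = Account(policy, "constructed-secret")  # constructed sample value
    tested = 0
    for now in range(window_minutes * 60):
        if account.login(f"guess-{now}", now) == "denied":
            tested += 1
    return tested


if __name__ == "__main__":
    for attempts, minutes in [(5, 10), (3, 30)]:
        n = guesses_tested(LockoutPolicy(attempts, minutes), 60)
        print(f"{attempts} attempts / {minutes} min lockout: {n} guesses per hour")
```

In this model a legitimate user is also refused while the account is locked, so a longer lockout period trades fewer attacker guesses for a longer wait after a lockout.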