MaxBadLogins
specifies how many
consecutive bad PINs or bad OTP codes will be tolerated in the last
BadLoginWindow
seconds. If more than
MaxBadLogins
bad authentication attempts occurs and
if the last one is within the last BadLoginWindow
seconds, the authentication attempt will be rejected. The user must wait
at least BadLoginWindow
seconds before attempting to
authenticate again. MaxBadLogins
defaults to
10.
Attempt counter and window information is maintained in SQL with
UpdateQuery
and
AuthSelect
.