3.88.5. MaxBadLogins Previous topic Parent topic Child topic Next topic

MaxBadLogins specifies how many consecutive bad PINs or bad HOTP codes will be tolerated in the last BadLoginWindow seconds. If more than MaxBadLogins bad authentication attempts (according to field 5 from AuthSelect occurs and if the last one is within the last BadLoginWindow seconds (according to field 6 from AuthSelect), the authentication attempt will be rejected. The user must wait at least BadLoginWindow seconds before attempting to authenticate again. MaxBadLogins defaults to 10.