Maximize reset password request retry window duration [Updated in Security Center 1.3]
The password_reset.request.retry_window property controls the number of minutes before the count for password reset attempts refreshes.
More information
| Attribute | Description |
|---|---|
| Property name | password_reset.request.retry_window |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Authentication |
| Purpose | Denotes the length of time in minutes before the count for password attempts refreshes from the last request before the retry count is reset to zero. |
| Recommended value | Set to a positive integer value of 1440 or more. The default value is 1440 minutes. |
| Configuration type | Positive integer values. |
| Security risk | (High) If the property is not set to the recommended value of 1440 or more, then it could be possible to perform account brute force against password reset process. |
| Security risk rating | 7.5 |
| References | Configure Password Reset properties |
To learn more about adding or creating a system property, see Add a system property.