Control Lockout Time for Invalid Password Reset Attempts

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • The password_reset.request.max_attempt_window property controls the number of minutes a user must wait to reset or change their password after exceeding the maximum number of unsuccessful attempts that is set with the password_reset.request.max_attempt property.

    The password_reset.request.max_attempt_window system property defines the number of minutes a user must wait to reset or change their password after exceeding the maximum number of unsuccessful attempts that is set with the password_reset.request.max_attempt property.

    Ensure that the property password_reset.request.max_attempt_window is set to 1440 or greater.

    More information

    Attribute Description
    Configuration name password_reset.request.max_attempt_window
    Configuration type System Properties (/sys_properties_list.do)
    Data type Integer
    Recommended value An integer greater than or equal to 1440
    Default value <none>
    Fallback value 1440
    Category Authentication
    Security risk
    • Severity score:
    • CVSS rating:
    • Security risk details: A value too low increases the risk of successfully brute forcing a password as a greater number of password reset attempts can be made.
    Functional impact None
    Dependencies and prerequisites None