Maximize reset password request unlock window duration

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • The password_reset.request.unlock_window property controls the number of minutes a user must wait to start a reset request after the last successful unlock account action.

    The password_reset.request.unlock_window system property controls the number of minutes a user must wait to start a reset request after the last successful unlock account.

    Ensure the property password_reset.request.unlock_window is set to a value of 1440 or greater.

    More information

    Attribute Description
    Configuration name password_reset.request.unlock_window
    Configuration type System Properties (/sys_properties_list.do)
    Data type Integer
    Recommended value An integer greater than or equal to 1440
    Default value <none>
    Fallback value 1440
    Category Authentication
    Security risk
    • Severity score: 5.9
    • CVSS rating: Medium
    • Security risk details: If the value is too low, it increases the opportunity for a malicious actor from brute forcing the user's password using automated tools.
    Functional impact None
    Dependencies and prerequisites None