Maximize reset password verification delay duration

Release version: Australia

Updated March 12, 2026

1 minute to read

Configure the delay, in milliseconds, that a user must wait before submitting a new password reset request.

If password_reset.verification.delay isn't set to the recommended value of 1000 or more, then password reset verification codes will be susceptible to brute force attacks.

More information


Attribute	Description
Configuration name	password_reset.verification.delay
Configuration type	System Properties (/sys_properties_list.do)
Data type	String
Recommended value	An integer greater than or equal to 1000
Default value	<none>
Fallback value	1000
Category	Authentication
Security risk	Severity score: 5.9 CVSS rating: Medium Security risk details: The milliseconds delay limits the ability of a malicious actor to attempt to guess users identification or verification details, by using automation tools (bots).
Functional impact	None
Dependencies and prerequisites	None