Maximize reset password verification delay duration [Updated in Security Center 1.3]

  • Release version: Xanadu
  • Updated August 1, 2024
  • Configure the delay, in milliseconds, that a user must wait before submitting a new password reset request.

    A bad actor could attempt to brute force login credentials by using automation tools such as bots. The reset password verification delay property helps defend against this. The property value represents the delay, in milliseconds, that a user must wait before they can place a request to reset the password. If this property is not set to the recommended value of 1000 or more, the login is more vulnerable to brute force attacks.

    More information

    Attribute                       Description
    Configuration name              password_reset.verification.delay
    Configuration type              System Properties (/sys_properties_list.do)
    Data type                       string
    Recommended value               1000
    Default value                   1000
    Category                        Authentication
    Security risk                   • Severity score: 5.9
                                    • CVSS score: Medium
                                    • Security risk details: Setting the property value to less than 1000 makes your login more vulnerable to brute force attacks.
    Dependencies and prerequisites  None
    References                      Configuring password for a user
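
    An audit check for this property, as an added example that is not part of the original documentation or of the product's own code. The `lookup` accessor, the function names and the sample property sets are hypothetical; the check assumes that an instance with no explicit record uses the default value of 1000 listed in the table.

```javascript
const PROPERTY = 'password_reset.verification.delay';
const RECOMMENDED_MS = 1000; // recommended and default value from the table above

// `lookup` is a hypothetical accessor: it takes a property name and returns
// the stored string, or null/undefined when no record exists.
function auditResetDelay(lookup) {
  const raw = lookup(PROPERTY);
  if (raw === null || raw === undefined) {
    // Assumption: with no explicit record, the documented default applies.
    return { status: 'pass', effectiveMs: RECOMMENDED_MS, note: 'not set; default applies' };
  }
  const text = String(raw).trim();
  // The data type is string, so validate the text before converting it.
  // Anything that is not a plain non-negative integer cannot be confirmed safe.
  if (!/^\d+$/.test(text)) {
    return { status: 'fail', effectiveMs: null, note: 'non-numeric value: ' + JSON.stringify(raw) };
  }
  const ms = Number(text);
  if (ms < RECOMMENDED_MS) {
    return { status: 'fail', effectiveMs: ms, note: 'below recommended ' + RECOMMENDED_MS + ' ms' };
  }
  return { status: 'pass', effectiveMs: ms, note: 'meets recommendation' };
}

// Constructed sample data: each object stands in for one instance's
// exported system properties.
const samples = {
  hardened: { 'password_reset.verification.delay': '1000' },
  weakened: { 'password_reset.verification.delay': '0' },
  typo: { 'password_reset.verification.delay': '1s' },
  unset: {},
};

// Run the check against every instance and collect one result per name.
function auditAll(instances) {
  const report = {};
  for (const [name, props] of Object.entries(instances)) {
    report[name] = auditResetDelay((key) => (key in props ? props[key] : null));
  }
  return report;
}

console.log(auditAll(samples));
```

    On an instance, a server-side script could pass a wrapper around `gs.getProperty` as `lookup`.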