Is there a way to avoid a Brute Force Attack to lock all user accounts from my User Store?

Document ID : KB000052250
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

How to avoid a Brute Force Attack to lock all user accounts from my User Store?

Solution:

To stop a Brute Force Attack from the internet against your User Store, you have first to filter requests by IP's on:

  • Firewall

  • Reverse proxy

And you can avoid getting massive locked accounts by setting the Password Policy to re-enable the User's account after a period of time by the "Expiration" Tab of the Password Policy.