I have a requirement from a customer to block or force a password change after 5 invalid login attempts. Brute force is not configurable. How can I do this in a rule or other way?
Hey there @jstevenson! You can setup a rule that forces the end user to change their password after X amount of failed attempts. It’s also important to note that after 10 failed attempts from the same IP address Brute Force protection kicks in as described here. Please let me know if this helps answer your questions. Thanks!
I wanted to follow up @jstevenson and see if you had any further questions on the subject. Thanks!
How do I know when an invalid login attempt happens and how do I know when those failed logins reach a limit?