Setting Lockout Thresholds for Invalid Attempts

Using the Password Management utility, administrators can set the number of failed logins an employee can attempt using the same User ID before being locked out of ExponentHR. You can also set the duration of the lockout, from 1 to 24 hours.

Note: Users will also be locked out after a fixed number of attempts using the same social security number or the same IP address.

To tighten security and prevent unwelcome visitors from entering the site, you want users to be locked out after five failed login attempts and you want them to be locked out for the whole day. In the Password Management utility, set a threshold for five invalid login attempts using the same User ID and set the user lockout duration to 24 hours.
 

 

To set lockout thresholds for invalid attempts:

1.   On the Management Navigation Menu, click Settings > Password Management.

The Password Management page displays.

2.   In the User Lockouts section, set any of the following in the Invalid Attempts Lockout Thresholds section:

| Threshold | Description |
| --- | --- |
| Based on Same UserID (employee login) | After a set number of failed attempts using the same User ID, the user is locked out. Select the number of attempts in the drop-down list (from 5 to 10 attempts). |
| Based on Same SSN (first time login, forgot password/User ID) | After 9 failed attempts using the same social security number during first time login or in the Forgot User ID or Forgot Password utility, the user is locked out (not editable). |
| Based on Failed Secondary Authentication Attempts | After 4 failed attempts of trying to answer the user's unique security question (which is prompted on unrecognized devices), the user is locked out (not editable). |
| Based on Any Type of Failed Attempt from Same IP Address | After 50 failed attempts from the same IP address, the user is locked out (not editable). |
| User Lockout Duration (allowed range 1-24 hours, 1 calendar day) | After meeting the threshold for invalid login attempts, the user cannot log on to ExponentHR for a set number of hours, even with the correct login. Select the number of hours in the drop-down list (from 1 to 24 hours) or select 1 Calendar Day (to block the user until the next day). |

3.   Click the Save button.

Result: The next time a user makes multiple invalid login attempts, the user will be locked out of ExponentHR for the set number of hours.
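The following Python model is an added illustration, not ExponentHR code: it shows how the thresholds listed above and the two lockout duration options interact. The key names, the way failures are counted, and the reading of 1 Calendar Day as "until the following midnight" are assumptions, since this page does not describe them.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Fixed (not editable) thresholds from this page; key names are hypothetical.
FIXED_THRESHOLDS = {"ssn": 9, "secondary_auth": 4, "ip": 50}
CALENDAR_DAY = "calendar_day"  # hypothetical name for the "1 Calendar Day" option


class LockoutPolicy:
    def __init__(self, user_id_attempts=5, duration=24):
        # Editable ranges stated on this page: 5-10 attempts, 1-24 hours.
        if user_id_attempts not in range(5, 11):
            raise ValueError("User ID threshold must be 5 to 10 attempts")
        if duration != CALENDAR_DAY and duration not in range(1, 25):
            raise ValueError("duration must be 1 to 24 hours or CALENDAR_DAY")
        self.thresholds = dict(FIXED_THRESHOLDS, user_id=user_id_attempts)
        self.duration = duration
        self.failures = defaultdict(int)  # (kind, value) -> failed attempts
        self.locked_until = {}            # (kind, value) -> unlock time

    def unlock_time(self, locked_at):
        if self.duration == CALENDAR_DAY:
            # Assumption: "until the next day" means the following midnight.
            next_day = locked_at.date() + timedelta(days=1)
            return datetime.combine(next_day, datetime.min.time())
        return locked_at + timedelta(hours=self.duration)

    def is_locked(self, kind, value, now):
        until = self.locked_until.get((kind, value))
        return until is not None and now < until

    def record_failure(self, kind, value, now):
        """Count one failed attempt; return True if the key is now locked."""
        key = (kind, value)
        if self.is_locked(kind, value, now):
            return True
        self.failures[key] += 1
        if self.failures[key] >= self.thresholds[kind]:
            self.locked_until[key] = self.unlock_time(now)
            self.failures[key] = 0
        return self.is_locked(kind, value, now)


if __name__ == "__main__":
    policy = LockoutPolicy(user_id_attempts=5, duration=24)
    start = datetime(2024, 3, 1, 9, 0)  # constructed sample timestamp
    for attempt in range(1, 6):
        locked = policy.record_failure("user_id", "jdoe", start)
        print(f"attempt {attempt}: locked={locked}")
    print("unlocks at", policy.locked_until[("user_id", "jdoe")])
```

Under the midnight assumption, a lockout triggered at 23:30 with 1 Calendar Day selected ends 30 minutes later, while the 24-hour setting always blocks for a full day.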

 

Related Help Topics

Managing Password Requirements and Website Security

Building Strong Password Requirements

Expiring a User's Password

Resetting a User's Password Duration