Enable Brute Force Protection for Authentication

From SAP Enable Now Wiki

Where to find it

  • Manager > Administration > Server Settings menu > Security category > Enable Brute Force Protection for Authentication setting

Purpose

A 'brute force' attack on a system is a repeated attempt to 'guess' the password - typically, by using a program to try multiple times in quick succession. This property attempts to circumvent this, by making the user wait for a period before trying again, if they get their password wrong five times in a row. The official SAP documentation says that the delay increments by 1 minute each subsequent incorrect attempt, until it gets to 30 minutes at which point the Userid is locked out (presumably set to inactive), but I can't honestly say I've sat there and put this to the test.

See Also