Enable Brute Force Protection for Authentication

From SAP Enable Now Wiki
Revision as of 22:10, 22 October 2021 by Admin (talk | contribs) (→‎Purpose)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Where to find it

  • Manager > Administration > Server Settings menu > Security category > Enable Brute Force Protection for Authentication setting

Purpose

A 'brute force' attack on a system is a repeated attempt to 'guess' the password - typically, by using a program to try multiple times in quick succession. This property attempts to circumvent this, by making the user wait for a period before trying again, if they get their password wrong five times in a row. The official SAP documentation says that the delay increments by 1 minute each subsequent incorrect attempt, until it gets to 30 minutes at which point the Userid is locked out (presumably set to inactive), but I can't honestly say I've sat there and put this to the test.

See Also