Enable Brute Force Protection for Authentication

From SAP Enable Now Wiki
Revision as of 21:53, 4 January 2021 by Admin (talk | contribs) (Created page with "__NOTOC__ ==Where to find it== * ''Manager'' > '''Administration > Server Settings''' menu > ''Security'' category > '''{{PAGENAME}}''' setting ==Purpose== A 'brute force' at...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Where to find it

  • Manager > Administration > Server Settings menu > Security category > Enable Brute Force Protection for Authentication setting

Purpose

A 'brute force' attack on a system is a repeated attempt to 'guess' the password - typically, by using a program to try multiple times in quick succession. This property attempts to circumvent this, by making the user wait for a period before trying again, if they get their password wrong five times in a row. The official SAP documentation says that the delay increments by 1 minute each subsequent incorrect attempt, until it gets to 30 minutes at which point the Userid is locked out (presumably set to inactive), but I can't honestly say I've sat there and put this to the test.