HPE Community
Operating System - HP-UX
1833396 Members
3357 Online
110052 Solutions
New Discussion

Re: "unsuccessful login attempts" counter; when does it get reset?

 
SOLVED
Go to solution
Matt Hearn
Regular Advisor

‎10-25-2005 03:49 AM

‎10-25-2005 03:49 AM

"unsuccessful login attempts" counter; when does it get reset?

A silly, simple question: if I have my "unsuccessful login attempts" set to lock the account at three bad tries, how often does that counter reset?

If somebody types their password wrong twice, and then gets it right, does the counter automatically reset? What if they get it wrong twice, and just give up? Does it stay at 2 until they try again and either succeed, or lock the account?

Thanks!
0 Kudos
Reply
4 REPLIES 4
Victor BERRIDGE
Honored Contributor

‎10-25-2005 04:01 AM

‎10-25-2005 04:01 AM

Solution

Re: "unsuccessful login attempts" counter; when does it get reset?

Hi,
>If somebody types their password wrong twice, and then gets it right, does the counter automatically reset?
YES
What if they get it wrong twice, and just give up..
Exactly

The easy way to change the login attempts is to use SAM>users...>Action>General User Account Policies/ Unsuccessfull login Tries allowed...


All the best
Victor
Reply
Charles McCary
Valued Contributor

‎10-25-2005 05:02 AM

‎10-25-2005 05:02 AM

Re: "unsuccessful login attempts" counter; when does it get reset?

To further answer the second part of your question (Victor answered the first just fine), when they attempt to login twice unsuccessfully, yes it simply stays at two until they try again and fail (and the account would then lock) or they try again and succeed (and the counter would be reset).

thanks,
c
Reply
Bharat Katkar
Honored Contributor

‎10-25-2005 06:00 AM

‎10-25-2005 06:00 AM

Re: "unsuccessful login attempts" counter; when does it get reset?

What if they get it wrong twice, and just give up?

Here i think (not sure) if they give up and close the telnet session then it should reset. This should apply to particular session itself.

Regards,
You need to know a lot to actually know how little you know
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎10-26-2005 07:21 AM

‎10-26-2005 07:21 AM

Re: "unsuccessful login attempts" counter; when does it get reset?

"Here i think (not sure) if they give up and close the telnet session then it should reset. This should apply to particular session itself"

The problem with this approach is that attackers who know about this could exploit that feature, using automated login attempts, perhaps even running multiple parallel sessions trying to crack passwords, with sessions automatically restarting when they hit N-1 failed login attempts. To prevent that, it is not appropriate to reset the count for every session. It MAY make sense in some cases to reset the count after some period of time has elapsed since the last failed login attempt, but that approach in general also has problems.

Of course the perception of the 'right' answer depends on many factors such as what the risk of malicious activity is and how valuable the data on the system is.

Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.