Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Failed login attempts more than 3 times does not revoke password

SA-18088

Summary



User reports that, they were not able to revoke Operator's password when failed with login attempts more than three times.

As per the out-of-the-box behavior, the Operator's account gets locked for some time, and the user is able to login again.

Error Messages



No error messages.

Steps to Reproduce



1. Enable the security policy OOTB feature of "Enable authentication lockout penalty mechanism"
2. Try to login with more than three attempts with incorrect password. PRPC introduces only a delay but does not revoke the password.

Root Cause



Existing out of the box behavior for "Enable authentication lockout penalty mechanism" only introduces a delay, but does not revoke the password.

Resolution



Apply HFix-25414. HFix-25414 is provided for the existing Security Policies a new policy to support password lock out is added.

This involves the following Engine and UI changes:
  • Extra fields in Security Policies Landing page to support the feature
  • New Landing Page to unlock the operator

 

Tags:

Pega Platform Pega Platform 7.1.9 Case Management

Published January 31, 2016 - Updated October 8, 2020

Was this useful?

100% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Collaboration Center

Did you find this content helpful?

Yes
No

Want to help us improve?
Suggest an edit
Report a Pega Community bug

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice