Account Lockout

The Account Lockout settings determine how the system responds when incorrect passwords are entered.

Having Silhouette lock out a user who enters a password incorrectly is a security measure that prevents "brute force" attacks, in which someone enters a series of passwords hoping that one is correct. It creates a potential inconvenience for legitimate users who accidentally mis-enter their passwords, but this can be limited by allowing a reasonable number of failed attempts within a certain time period before locking the user out. Once locked out, a user will need to ask an administrator to unlock their account.

LDAP Integration

The settings described in this section are only relevant to user accounts that are created directly within SilhouetteCentral's admin user interface. If a user is created or controlled via LDAP integration, these settings do not apply, and it is the responsibility of the LDAP server to define and implement account lockout functionality.

User Lockout Enabled

When the check box is ticked, users will be locked out of their account according to the settings in Failed Log on Attempts Before Locking Account and Failed Log on Check Interval.

Failed Log on Attempts Before Locking Account

This setting determines how many failed log on attempts the system tolerates. Once the user has failed to log on the specified number of times, the user's account is automatically locked.

Permit a reasonable number of failed attempts to allow for users mistyping their passwords, or accidentally leaving the Caps Lock on.

Failed Log on Check Interval

The number of failed log on attempts does not accumulate indefinitely. It is reset whenever the user successfully logs on, or a system administrator unlocks a locked user account. Additionally, it is reset once the number of minutes specified in the Failed Log on Check Interval setting has passed since the last invalid log on attempt. This setting tolerates occasional failed log on attempts due to the user mistyping their password, while sufficiently delaying attackers from trying to "brute force" a password by continually guessing.
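The following is an added worked example, not Silhouette's own code, that models the three settings above (User Lockout Enabled, Failed Log on Attempts Before Locking Account, Failed Log on Check Interval) and the reset rules just described: the failure count is cleared by a successful log on, by an administrator unlock, or once the check interval has elapsed since the last failed attempt, while a lock itself is only cleared by an administrator. The class and function names, the default values, and the injectable `now` timestamps are assumptions made so the behaviour can be exercised offline.

```python
"""Reference model of the account-lockout policy described on this page.

Hypothetical example code, not SilhouetteCentral's implementation. Names,
default values, and the explicit `now` parameter are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Optional


@dataclass
class LockoutState:
    failed_attempts: int = 0                 # failures still counted against the user
    last_failure: Optional[datetime] = None  # time of the most recent invalid attempt
    locked: bool = False                     # True once max_attempts has been reached


@dataclass
class LockoutPolicy:
    enabled: bool = True              # "User Lockout Enabled"
    max_attempts: int = 5             # "Failed Log on Attempts Before Locking Account"
    check_interval_minutes: int = 15  # "Failed Log on Check Interval"
    _states: Dict[str, LockoutState] = field(default_factory=dict)

    def _state(self, user: str) -> LockoutState:
        return self._states.setdefault(user, LockoutState())

    def _expire_stale_count(self, st: LockoutState, now: datetime) -> None:
        # The count resets once the check interval has passed since the last
        # invalid attempt. A locked account stays locked: only an administrator
        # unlock (or a successful log on, impossible while locked) clears it.
        if st.last_failure is None or st.locked:
            return
        if now - st.last_failure >= timedelta(minutes=self.check_interval_minutes):
            st.failed_attempts = 0
            st.last_failure = None

    def is_locked(self, user: str) -> bool:
        return self._state(user).locked

    def record_failure(self, user: str, now: datetime) -> bool:
        """Register an incorrect password; return True if the account is now locked."""
        if not self.enabled:
            return False
        st = self._state(user)
        self._expire_stale_count(st, now)
        st.failed_attempts += 1
        st.last_failure = now
        if st.failed_attempts >= self.max_attempts:
            st.locked = True
        return st.locked

    def record_success(self, user: str) -> None:
        """A successful log on resets the failure count; refused while locked."""
        if self._state(user).locked:
            raise PermissionError(f"{user} is locked out; an administrator must unlock the account")
        self._states[user] = LockoutState()

    def admin_unlock(self, user: str) -> None:
        """Administrator unlock: clears both the lock and the failure count."""
        self._states[user] = LockoutState()


def demo() -> dict:
    """Walk through the reset rules using constructed timestamps."""
    policy = LockoutPolicy(max_attempts=3, check_interval_minutes=10)
    t0 = datetime(2024, 1, 1, 9, 0, 0)  # constructed reference time
    results = {}
    # Two quick typos followed by a correct password: count cleared, no lock.
    policy.record_failure("alice", t0)
    policy.record_failure("alice", t0 + timedelta(seconds=30))
    policy.record_success("alice")
    results["alice_locked_after_success"] = policy.is_locked("alice")
    # Two failures, a 19-minute pause, then another: the interval reset means
    # the third failure is counted as the first of a new run, so no lock.
    policy.record_failure("bob", t0)
    policy.record_failure("bob", t0 + timedelta(minutes=1))
    policy.record_failure("bob", t0 + timedelta(minutes=20))
    results["bob_locked_after_spaced_failures"] = policy.is_locked("bob")
    # Three failures within seconds trip the lock on the third attempt.
    for i in range(3):
        policy.record_failure("carol", t0 + timedelta(seconds=i))
    results["carol_locked"] = policy.is_locked("carol")
    # The lock does not expire with the check interval, and a correct
    # password is not accepted while locked; only admin_unlock clears it.
    policy.record_failure("carol", t0 + timedelta(hours=5))
    results["carol_still_locked_later"] = policy.is_locked("carol")
    try:
        policy.record_success("carol")
        results["carol_success_refused_while_locked"] = False
    except PermissionError:
        results["carol_success_refused_while_locked"] = True
    policy.admin_unlock("carol")
    results["carol_after_unlock"] = policy.is_locked("carol")
    # With User Lockout Enabled unticked, failures never lock the account.
    disabled = LockoutPolicy(enabled=False, max_attempts=1)
    results["disabled_policy_locks"] = disabled.record_failure("dave", t0)
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the model deliberately does not auto-expire a lock after the check interval: on this page the interval only governs how long failed attempts are counted, and a locked account stays locked until an administrator unlocks it.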