- Notes, cautions, and warnings
- Preface
- Introduction
- Security Quick Reference
- Product and Subsystem Security
- Authentication
- Login security settings
- User and credential management
- Updating the SSL security certificate
- Authentication to external systems
- Authorization
- RBAC privileges
- Network security
- Data security settings
- Cryptography
- Electromagnetic Radiation Isolation
- Auditing access
- Syslog logging
- Alerting
- Serviceability
- Log management
- Manual Cyber Recovery vault security
- Miscellaneous Configuration and Management
Dell PowerProtect Cyber Recovery 19.14 Security Configuration Guide
Failed login behavior
To mitigate brute-force attacks on Cyber Recovery user accounts, the Cyber Recovery software applies timeout periods to an account after unsuccessful login attempts.
The following table outlines the timeout periods between unsuccessful login attempts:
| Number of login attempts | Timeout period (seconds) |
|---|---|
| 1–2 | 0 |
| 3–6 | 5 |
| 7–9 | 15 |
| 10–12 | 30 |
During a timeout period, the Cyber Recovery software ignores all login attempts until the timeout period expires. The Invalid credentials supplied error message is displayed during the timeout period. After 12 unsuccessful login attempts, the account is locked unless the user is a security officer. A security officer must wait 2 minutes between each future login attempt. A successful login resets the number of login attempts back to 0. This same timeout behavior occurs when the login attempt is made using the Cyber Recovery UI, CLI, or REST API.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\