Failed login attempts?
Does anyone know if AEM can lock the user account after a certain number of failed login attempts? It seems that we can brute-force attack user accounts with the OOTB settings?
Correct - this is not a documented feature and it is not part of the out-of-the-box AEM demo - aka Geometrixx. We recently had an Ask the AEM community experts session on secure AEM web sites.
Although it did not talk about locking out users - it will point you in the right direction about using Sling and different login modules you can create.
https://communities.adobe.com/en/communities/aem_technologistsdevelopersarchitects/resources.html
Your use case would require custom logic to lock an account after x number of failed login attempts.
Also - I have not even seen a community article on this subject. This also suggests this is not an out of the box feature.