Security user lock

Tags:

Usecase:

Every company can have a special security requirements to software, where they keep important data. One of our customer required to block users, who enter incorrect login and password more then 5 times.

Competition:

Protect system form illegal entrance and inform Administrators about suspicious login activities in Easy Product

Solution:

In More > Administration > Plugins > Rys plugins you can find a new plugins "Security user lock". Here you turn this feature ON or OFF

Security_user_lock

When the plugin is active, in More > Administration > Settings > Authentication appears new section "Unsuccesful login attempts"

Turn_this_feature_on

In a first step, when you enable this feature, here will appear 2 fileds, where you can set up limit of unsucces login attempts (1) and option to set up for which period such a user will be locked (2). If you enter to field "2" 0 - it means, that user wouldnt be unlocked automtically, and only admin can unlock this user manually

Security_user_lock_settings

When you save changes, 2 additional fields will appear

1 - If you enter 0 to this field, it means, that user wouldnt be unlocked automtically, and only admin can unlock this user manually

2 - Here you can add message, which will be displayed to your user

3 - Here you can select, who will be notified, if some user will be blocked

Security_user_lock_additional_settings

 

After you save that settings, and some user will make more unsecces attempts to login with correct login but incorrect password, he will be locked. It will  also display him your notification from settings.

Security_user_lock_notification

Minimal required version:

+1

i'd suggest adding logging all user login attempts, with possibility to export to xls these records for analysis (automatic deletion of records older than 60 days should be fine, too)