User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0 Build Identifier: Bugzilla 3.0.4 It would be useful to be able to setup a limit on the number of unsuccessful attempts a user may have before their account becomes "locked out". On a publically accessible system, this is not perhaps useful, but within some industries there are requirements for users to be locked out after a number of unsuccessful login attempts (eg FDA - CFR21 Part 11 compliance). Suggest that the lockout applies regardless of authentication mechanism (DB or LDAP), and would need a way of recording a count of invalid login attempts internally. The lockout would need to be different to a disabled account (since disabled accounts are displayed with a strikethrough in the UI - for a locked out user account this wouldn't be required). Within parameters, an extra option in User Authentication would allow setting of the limit, or disabling of lockout by setting the parameter to zero (default). Reproducible: Always
Agreed! I have no idea if this is a dupe, though. In fact, the Mozilla Corporation has hired my company to implement this for bugzilla.mozilla.org as of just about a week ago. :-)
Assignee: user-accounts → mkanat
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
(In reply to comment #1) > I have no idea if this is a dupe, though. Had a good look and couldn't see one :) Another thought on this would be to have an option for a user/group of users to receive a notification email when a user is locked out (again - not necessarily desirable in all situations, but covers a host of regulatory requirements).
The reason you couldn't find a dupe is because you cannot see it.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 355283
Marking as a security bug as it's a dupe of a security bug.
Bug 355283 is no longer in the security group. Clearing the security flag here as well.
You need to log in before you can comment on or make changes to this bug.