Is the a number of password attempts on the Umbraco backend before lockout? I haven't been able to find out anywhere whether there is or not. If there isn't it would be theoretically possible for a hacker to attempt to crack the password of an account - if the hacker had knowledge of the site and it was using Umbraco it wouldn't take long to realise the username (admin).
Also is there a way in the backend to change the password strength i.e. number of chars, special chars etc etc..
Thanks,
Adrian
p.s. I suppose one way to get round it is to IP restrict the Umbraco backend?
Password lockout for backend
Hi Guys,
Is the a number of password attempts on the Umbraco backend before lockout? I haven't been able to find out anywhere whether there is or not. If there isn't it would be theoretically possible for a hacker to attempt to crack the password of an account - if the hacker had knowledge of the site and it was using Umbraco it wouldn't take long to realise the username (admin).
Also is there a way in the backend to change the password strength i.e. number of chars, special chars etc etc..
Thanks,
Adrian
p.s. I suppose one way to get round it is to IP restrict the Umbraco backend?
Does anyone have an answer for the above?
Our client is very keen to get an answer - I have tried adding :
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
minRequiredPasswordLength="8"
They seem to be completly ignored!!
Yes, I'd like to know the answer to this too
is working on a reply...