Uploaded image for project: 'mod-login'
  1. mod-login
  2. MODLOGIN-41

Backend - Security: Handling: Failed login attempts - Lock Account

    XMLWordPrintable

Details

    • EPAM Sprint 1, EPAM Sprint 2, EPAM Sprint 3, EPAM Sprint 4
    • 5
    • Folijet

    Description

      As a person responsible for the security of the Folio platform
      I want to prevent brute force attacks of the Folio platform

      Conditions for Locking a Folio User Account

      • At [5] failed consecutive login attempts using a Folio username/password then lock user's Folio account
      • OR if [5] failed consecutive login attempts using Folio username/password occur in a [10 minute span] then lock user's Folio account
      • Settings Configuration: the settings in [brackets] should be configurable as Folio may need to change these settings in the future.
      • Settings Configuration: should be flexible to support additional rules for locking a user's Folio account

      Potential way to lock a Folio User Account

      • A way to lock the user's Folio account is by setting the user status = inactive

      Ways to unlock a Folio User Account

      • Via Folio, system librarian changes the user status = active

      TestRail: Results

        Attachments

          Issue Links

            blocks

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. UIU-591 Frontend: Indicate on User Detail record that the User is inactive due to failed login attempts

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            clones

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. UIU-591 Frontend: Indicate on User Detail record that the User is inactive due to failed login attempts

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            relates to

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-54 Show notification on the login page when a user account is blocked.

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. MODLOGIN-171 Logs ERROR when using default config values

            • TBD - To be determined
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. UIU-590 Frontend: Security: Handling Failed login attempts via Folio Login Screen - Lock Account

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            New Feature - New feature requests UXPROD-39 Local password management

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Activity

              People

                kgambrell Khalilah Gambrell
                kgambrell Khalilah Gambrell
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases