If SMS authentication is not enabled, there is no limit on the number of failed login attempts, allowing brute-force attacks through trying all possible passwords, which poses a significant security risk to the platform.
Implementing measures to prevent brute-force attacks during login is important to improve product security.
You can enable Login Lock to prevent brute-force attacks.
Log in to the FineDataLink system as the admin, choose System Management > System Setting > Login > Login Lock Setting, and then enable Login Lock, as shown in the following figure.
For example, if you set Error Times Limit to If Password Error Reaches 5 Time(s), Lock Login for 60 Minute(s), the account to be logged in will be locked after 5 incorrect password attempts in 60 minutes. The effect is shown in the following figure.
:
Lock Object can be set to Account or IP.
Account: In the locked status, a common account remains locked even if the user switches devices. When the Lock Admin Account is enabled, the admin account also remains locked even if the admin switches devices.
IP: In the locked status, all accounts attempting to log in from the locked IP address on the current server will be locked. Users can log in to the platform by switching to a device with a different IP address.
1. Unlocking can be achieved automatically and manually.
If a user account is locked, the account can be automatically unlocked after the set lock time (for example, 60 minutes). You (the admin) can also manually unlock the account by clicking the unlock icon, as shown in the following figure.
2. Alternatively, users can unlock their account by clicking Forgot Password on the login page to reset the password.
3. The locked status can also be removed when the admin disables the Login Lock function.
滑鼠選中內容,快速回饋問題
滑鼠選中存在疑惑的內容,即可快速回饋問題,我們將會跟進處理。
不再提示
10s後關閉
Submitted successfully
Network busy