Administration and Maintenance > Add Users to IDOL Server > Implement User Account Security > Set Maximum Login Attempts

Set Maximum Login Attempts
To protect against brute force attacks on user accounts, you can configure IDOL server to lock user accounts when there are too many invalid logon attempts within a specified time period.
To set a maximum number of logon attempts
Find the [User] section or create one if it does not exist.
Set the LoginMaxAttempts parameter to the maximum number of invalid login attempts to allow within the time period.
Set the LoginExpiryTime parameter to the time (in seconds) before the current number of login attempts resets. IDOL server locks the user account if there are too many invalid login attempts within this time period. For example:
In this example, the user account locks if there are three invalid login attempts within 60 seconds of each other.
To automatically unlock users, set the LockRemovalDuration parameter to the length of time that the user remains locked. For example:
Set LockRemovalDuration to -1 to disable it.
Users must contact a system administrator to unlock their accounts, unless the LockRemovalDuration parameter is configured.