Help

Device Temporary Lockout After 5 Failed Password Attemps

peterr
New Contributor

Posted on ‎02-16-2022 10:25 AM

Hello,

We would like the following flow for our password Configuration Profile:

  1. If a user enters the incorrect password 5 times in a row...
  2. The user will be locked for 10 minutes...
  3. After which they can try to login again or reset their password...
  4. WE DO NOT WANT TO REQUIRE A LOCAL ADMIN TO RESET THE ACCOUNT IF IT IS LOCKED OUT

I can see that there is a setting "Delay after Failed Login Attempts (Not compatible with macOS 10.11 or later)

Delay after maximum number of failed attempts, in minutes. Requires configuring Maximum Number of Failed Attempts." in the Passcode section of the Configuration Profile. 
 
Does that setting meet our requirements? 
0 Kudos
Reply
2 REPLIES 2

BWonderchild
New Contributor III

Posted on ‎02-17-2022 09:48 PM

Hey Peterr,

 

Those settings should meet the requirements of your parameters. Just note, in my experience within a minute a user will phone a helpdesk and ask for a recovery key lol. 

0 Kudos
Reply

gachowski
Valued Contributor II

Posted on ‎02-28-2022 10:01 PM

Even when the OS messages says on the screen you are locked out try again in 5 mins  : ) Also I think T1, T2 and Apple CPU have a version of this baked in the the hardware...

0 Kudos
Reply