Q2. Why is the login error message showing as “Invalid credentials” though my account was temporarily disabled/locked? I am expecting a more meaningful message, like "your account was temporarily locked/disabled". Can we achieve this? Please advise.
Wait Increment: The time added to the time a user is temporarily disabled when the user’s login attempts exceed Max Login Failures.
Max Wait: The maximum time a user is temporarily disabled.
The error message shows “Invalid credentials” as it is a security practice not to let a user know they have been temporarily disabled if the account is under attack.
Wait increment - this is the “increment”, the addition, the amount of time added to the time a user is temporarily disabled when the user’s login attempts exceed Max Login Failures.
Max wait - is the time the user is temporarily disabled.
So imagine you got locked out and you are not patient enough to wait the Failure Reset Time: each time you try to log in, it will add another X minutes (wait increment) to the time you have to wait. This forces a user to wait, and if the attacker is a bot, any extra login trial will keep him out of the system for more time.
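
A simplified model of the behaviour described in this thread, added here as an illustration and not taken from the product or from any poster: each attempt past Max Login Failures lengthens the lockout by Wait Increment up to Max Wait, and the caller always sees the same “Invalid credentials” text while the real reason goes to a server-side log. The class and function names, the sample user and the exact lockout arithmetic are assumptions.

```python
import hmac
from dataclasses import dataclass

GENERIC_ERROR = "Invalid credentials"   # same text for every failure cause

@dataclass
class LockoutPolicy:                     # names mirror the settings discussed above
    max_login_failures: int = 3          # failures tolerated before lockout starts
    wait_increment: int = 60             # seconds added per attempt past the limit
    max_wait: int = 900                  # ceiling on the lockout, in seconds

class LoginGuard:
    def __init__(self, policy, users):
        self.policy = policy
        self.users = users               # constructed sample store: name -> password
        self.failures = {}               # name -> consecutive failed attempts
        self.locked_until = {}           # name -> timestamp at which lockout ends
        self.audit = []                  # server-side record of the real reason

    def wait_for(self, failures):
        """Lockout length in seconds once `failures` attempts have failed."""
        over = failures - self.policy.max_login_failures
        if over <= 0:
            return 0
        return min(over * self.policy.wait_increment, self.policy.max_wait)

    def login(self, user, password, now):
        locked = now < self.locked_until.get(user, 0)
        stored = self.users.get(user)
        ok = stored is not None and hmac.compare_digest(stored, password)
        if ok and not locked:
            self.failures.pop(user, None)
            self.locked_until.pop(user, None)
            return "OK"
        # Wrong password, or any attempt made while locked: count it and
        # push the unlock time further out, up to max_wait.
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        wait = self.wait_for(count)
        if wait:
            self.locked_until[user] = now + wait
        self.audit.append((now, user, "locked" if locked else "bad_password", wait))
        return GENERIC_ERROR             # caller cannot tell the two cases apart
```

An administrator or help desk can read `audit` to tell a locked account from a mistyped password, which is where the more meaningful message asked for in the question can safely live.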