Hi, I am not able to understand the temporary lockout algorithm. i copied the confusing part below. my questions are the following
q1) is the step to disable a sub step of step 4 below? i.e. disable only if wait is 0 and too fast attempt?
q2) Does it mean disable only if user has two login failures within the quick login check milliseconds?
q3) wait will not be 0 after count becoming aleast half of max login failures, rounding will happen to 1. does it mean after that, there is never a disable? because wati will never be 0 after that?
- Calculate
waitusing Wait Increment * (count/ Max Login Failures ). The division is an integer division so will always be rounded down to a whole number - If
waitequals 0 and time between this failure and the last failure is less than Quick Login Check Milli Seconds then setwaitto Minimum Quick Login Wait instead
1. Temporarily disable the user for the smaller ofwaitand Max Wait seconds