HP Color LaserJet Enterprise 6700dn Administrative password security features - Page 3

Account Lockout The Account lockout feature protects the device administrative accounts by providing safeguards to prevent brute force hacking attempts. After a set number of failed authentication attempts the system prevents further authentication attempts for a specific interval. The account lock feature applies to the following passwords: • EWS password • Remote configuration password • SNMPv3 authentication and privacy passphrases. • Maximum attempts (3-30 seconds) Default = 5 attempts How many failed log-on attempts until the account enters a locked-out state. NOTE: Back-to-back login attempts with the same credentials are ignored and treated as single login request • Lockout interval (5-1800 seconds) Default = 10 seconds How long (in seconds) a locked-out account remains locked-out • Reset lockout counter interval (0 -1800 seconds) Default = 10 seconds How long (in seconds) after a failed logon attempt before the counter tracking failed logon attempts is reset to zero The Reset lockout counter interval setting defines a time window for Maximum attempts that, if exceeded, the account will be locked for the duration of the Lockout interval. For example, if the Reset lockout counter interval is 60 secs and the number of unsuccessful attempts exceeds the Maximum attempts value within 60 secs, the account will be locked for the duration of the Lockout interval. Otherwise, the Maximum attempts counter will be reset to 0 after 60 secs. NOTE: The Reset lockout counter interval cannot be greater than the Lockout interval. Exceeding the maximum configured sign-in attempts presents the following error: NOTE: For SNMPv3 requests during the lockout state, all SNMPv3 requests will be dropped without returning error or success.