Risk Policy Template: Login Limits
Beta Feature
This article is subject to change as the feature develops and we make improvements.
This policy blocks authentication after a certain number of failed authentication attempts have occurred. It also blocks authentication when too many authentication attempts are pending. Unless the authenticator is configured as an Always Allowed Authenticator, the policy will return a failure in the following scenarios:
- HYPR Mobile App authentication is cancelled by the user
- Authenticator used for HYPR Mobile App authentication fails to verify the user
- Incorrect PIN is provided for HYPR Mobile App authentication (if configured)
- FIDO2 Passkeys authentication fails to initiate an assertion request (Note: Cancelling a FIDO2 Passkey authentication attempt will not trigger a failure)
- Too many uncompleted authentication attempts have occurred within a certain timeframe for both HYPR Mobile App and FIDO2 Passkeys
The following are the initial configuration options available for this template:
Field | Description |
---|---|
Authentication Failure Threshold | Enter the number of failed authentication attempts allowed during the Authentication Attempt Time Window. Default is 5. |
Authentication Attempt Time Window | Use the field and drop-down to set the time period during which the Authentication Failure Threshold is tracked. Default is 10 Minutes. |
User Blocked Duration | Use the field and drop-down to set the time period during which the user's account is blocked or modified. Default is 30 Minutes. |
Always Allowed Authenticators | Choose authenticators that will still function once the Authentication Failure Threshold is reached. HYPR Mobile App with QR Scan: HYPR Mobile App QR login will be allowed; FIDO2 Passkeys: FIDO2 security keys or platform authenticator keys will be allowed; HYPR Speed: HYPR's SSO solution will be allowed. |
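
The following added example models how the threshold, time window, block duration and Always Allowed Authenticators interact, using the defaults from the table. It is an illustration, not HYPR's implementation. Assumptions: a sliding window, a block that starts when the failure count reaches the threshold, failures counted regardless of authenticator, and hypothetical outcome and authenticator labels; the pending-attempt limit is not modelled.

```python
from collections import defaultdict, deque

# Outcome labels are hypothetical names for the failure scenarios listed above.
COUNTED_FAILURES = {
    "mobile_cancelled",        # HYPR Mobile App authentication cancelled by the user
    "mobile_verify_failed",    # authenticator failed to verify the user
    "mobile_bad_pin",          # incorrect PIN
    "fido2_assertion_failed",  # FIDO2 Passkeys failed to initiate an assertion request
}
# "fido2_cancelled" is intentionally absent: cancelling a passkey attempt is not a failure.


class LoginLimits:
    def __init__(self, threshold=5, window_s=600, block_s=1800, always_allowed=()):
        self.threshold = threshold          # Authentication Failure Threshold
        self.window_s = window_s            # Authentication Attempt Time Window
        self.block_s = block_s              # User Blocked Duration
        self.always_allowed = set(always_allowed)
        self.failures = defaultdict(deque)  # user -> timestamps of counted failures
        self.blocked_until = {}             # user -> end of block (seconds)

    def record(self, user, ts, outcome):
        """Count a failure; start a block once the threshold is reached (assumed)."""
        if outcome not in COUNTED_FAILURES:
            return
        q = self.failures[user]
        q.append(ts)
        while q and q[0] <= ts - self.window_s:  # assumed sliding window
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked_until[user] = ts + self.block_s
            q.clear()

    def decide(self, user, ts, authenticator):
        """Return 'allow' or 'block' for a new authentication attempt."""
        if authenticator in self.always_allowed:
            return "allow"
        return "block" if ts < self.blocked_until.get(user, 0) else "allow"


def simulate():
    """Constructed timeline: five bad PINs within four minutes, then new attempts."""
    policy = LoginLimits(always_allowed={"fido2_passkeys"})
    policy.record("alice", 0, "fido2_cancelled")  # not counted
    for ts in (0, 60, 120, 180, 240):
        policy.record("alice", ts, "mobile_bad_pin")
    return [
        policy.decide("alice", 300, "hypr_mobile_app"),         # inside the block
        policy.decide("alice", 300, "fido2_passkeys"),          # always allowed
        policy.decide("alice", 240 + 1800, "hypr_mobile_app"),  # block has expired
    ]
```

When sizing the window, note that the same five failures spread three minutes apart never reach the threshold under these assumptions, because the oldest one ages out first.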