Number of consecutive failed login attempts before account lock out

Yeung Ying Ying Debby May 17, 2021

Hi,

I checked that there is a security measure in place that will lock your account after multiple, consecutive failed login attempts in this website https://confluence.atlassian.com/cloudkb/i-m-locked-out-of-my-atlassian-account-911180643.html

Could anyone please advise the number of consecutive failed login attempts before an account gets locked out? Does it apply to Confluence/overall Atlassian services?

My company would like to know more about Atlassian access control practice.

Thank you very much for your help!

Best regards,

Ying

Answer accepted
Callum Carlile _Automation Consultants_
Community Leader
May 17, 2021

Hi @Yeung Ying Ying Debby,

I think this community post should answer your question - an Atlassian Team member has posted a detailed response - it essentially depends on your setup, whether or not you're using LDAP or other user directories.

Yeung Ying Ying Debby May 17, 2021

Hi @Callum Carlile _Automation Consultants_

Firstly, thank you for your prompt response!

Given that we are not using LDAP or any other user directories, I am wondering if Jira/Confluence account will get locked out after 3 failed attempts. 

From the post you provided, it said "JIRA won't technically lock out an internal user account.  By default, after 3 failed attempts it simply requires a CAPTCHA be completed along with the correct password to login. "

Yet, it said "To help protect your Atlassian account, we have a security measure in place that will lock your account after multiple, consecutive failed login attempts." in the post I mentioned above.

I get a bit confused with these 2 posts. 

Callum Carlile _Automation Consultants_
Community Leader
May 18, 2021

@Yeung Ying Ying Debby  Yeah so if you're just using Jira/Confluence's internal directory, then after 3 failed login attempts you will need to complete a CAPTCHA to prove you're not a bot, but your account won't be locked.

I couldn't find your second reference in the above link, but looking at a few other links it seems that there is no locking of accounts for multiple failed login attempts. You can configure the number of failed login attempts that reveals the CAPTCHA but I think this is all you can do.

What I would suggest is for your system admins to create a test account, and once it's been logged in successfully, log out and try to log in with incorrect credentials. See how many times you can do this to test out if you ever get locked out.
