Hi,
I checked that there is a security measure in place that will lock your account after multiple, consecutive failed login attempts in this website https://confluence.atlassian.com/cloudkb/i-m-locked-out-of-my-atlassian-account-911180643.html
Could anyone please advise the number of consecutive failed login attempts before account gets locked out? Does it apply to Confluence/ overall Atlassian services?
My company would like to know more about Atlassian access control practice.
Thank you for your help very much!
Best regards,
Ying
I think this community post should answer your question - an Atlassian Team member has posted a detailed response - it essentially depends on your setup, whether or not you're using LDAP or other user directories.
Hi @Callum Carlile _Automation Consultants_,
Firstly, Thank you for your prompt response!
Given that we are not using LDAP or any other user directories, I am wondering if Jira/Confluence account will get locked out after 3 failed attempts.
From the post you provided, it said "JIRA won't technically lock out an internal user account. By default, after 3 failed attempts it simply requires a CAPTCHA be completed along with the correct password to login. "
Yet, it said "To help protect your Atlassian account, we have have a security measure in place that will lock your account after multiple, consecutive failed login attempts." in the post I mentioned above.
I get a bit confused with these 2 posts.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Yeung Ying Ying Debby Yeah so if you're just using Jira/Confluence's internal directory, then after 3 failed login attempts you will need to complete a CAPTCHA to prove you're not a bot, but your account won't be locked.
I couldn't find your second reference in the above link, but looking at a few other links it seems that there is no locking of accounts for multiple failed login attempts. You can configure the number of failed login attempts reveals the CAPTCHA but I think this is all you can do.
What I would suggest is for your system admins to create a test account, and once it's been logged in successfully, logout and try to login with incorrect credentials. See how many times you can do this to test out if you ever get locked out
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.