Number of unsuccessful login attempts allowed for this account.
PowerTech recommended setting: 5
Importance: High
Purpose: Determines the maximum number of consecutive invalid sign-on attempts allowed before the action specified in the QMAXSGNACN system value is invoked.
Risks and Concerns: Setting the value too high can provide an attacker an opportunity to guess passwords. Setting the value too low can cause users to disable their profiles more frequently.
ISO 27002 (17799) Section 11.5.1 - Secure log-on procedure
The procedure for logging into an operating system should be designed to minimize the opportunity for unauthorized access.
A good log-on procedure should limit the number of unsuccessful log-on attempts allowed (three is recommended) and consider the following:
Recording unsuccessful attempts;
Forcing a time delay before further log-on attempts are allowed or rejecting any further attempts without specific authorization;
Disconnecting data link connections.
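
The lockout behaviour described above, as an added example that is not PowerTech or IBM code: a small Python model that counts consecutive invalid sign-ons, records each unsuccessful attempt, and at the limit either forces a time delay or rejects further attempts until someone re-enables the account. The class name, the "disable"/"delay" action names, the 300-second delay and the sample events are assumptions made for illustration, as is the choice to invoke the action on the attempt that reaches the limit.

```python
from dataclasses import dataclass, field

@dataclass
class SignOnGuard:
    max_attempts: int = 5         # the recommended setting from this page
    action: str = "disable"       # hypothetical names: "disable" or "delay"
    delay_seconds: float = 300.0  # constructed value for the "delay" action
    failures: dict = field(default_factory=dict)      # account -> consecutive failures
    disabled: set = field(default_factory=set)        # needs specific authorization
    locked_until: dict = field(default_factory=dict)  # account -> time delay ends
    audit_log: list = field(default_factory=list)     # every unsuccessful attempt

    def _record(self, account, now, outcome):
        self.audit_log.append((now, account, outcome))
        return outcome

    def attempt(self, account, password_ok, now):
        # A disabled or delayed account is refused even with the right password.
        if account in self.disabled:
            return self._record(account, now, "rejected-disabled")
        if now < self.locked_until.get(account, 0.0):
            return self._record(account, now, "rejected-delay")
        if password_ok:
            self.failures[account] = 0  # "consecutive": a success resets the count
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] < self.max_attempts:
            return self._record(account, now, "failed")
        # Limit reached: invoke the configured action and start a fresh count.
        self.failures[account] = 0
        if self.action == "delay":
            self.locked_until[account] = now + self.delay_seconds
            return self._record(account, now, "delayed")
        self.disabled.add(account)
        return self._record(account, now, "disabled")

    def reenable(self, account):
        # The "specific authorization" step, e.g. an administrator resetting the account.
        self.disabled.discard(account)
        self.failures[account] = 0

def replay(guard, events):
    """Feed (time, account, password_ok) tuples through the guard in order."""
    return [guard.attempt(account, ok, t) for t, account, ok in events]

if __name__ == "__main__":
    # Constructed events: 4 failures, a success, then 5 failures, then a valid password.
    events = [(t, "ALICE", False) for t in range(4)] + [(4, "ALICE", True)]
    events += [(5 + i, "ALICE", False) for i in range(5)] + [(10, "ALICE", True)]
    print(replay(SignOnGuard(), events))
```

Four failures followed by a success do not trip the limit; only five in a row do, which is why the first run of bad passwords in the sample leaves the account usable.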