Software systems often enforce an account lockout policy to protect against mass automated attempts to guess a user's password. If a user makes a certain number of failed login attempts within a particular time interval, the user may be denied further attempts for a designated time period. These policies are balanced against the reality that sometimes users will forget their names and passwords and fail to sign in successfully.
ArcGIS Monitor locks an account after five consecutive failed login attempts within a 15-minute period. The lockout lasts 15 minutes. This policy applies to all users and cannot be modified or replaced.
Monitoring failed login attempts
You can monitor failed login attempts by reviewing the Monitor logs. Any failed attempts result in a warning-level message stating that the user failed to sign in because of an invalid username or password combination. Monitoring the logs for failed login attempts can help you understand if there is a potential password attack on your system.