Cloe Walker (CloeW938)
IT Solution Service

IT Solution Service
CloeW938 Member since 2018 158 posts
IT Solution Service
Posted: October 27, 2020
Last activity: May 17, 2021
Posted: 27 Oct 2020 11:07 EDT
Last activity: 17 May 2021 5:12 EDT

Lockout penalty vs account lock

In general, which is supposed to be more secure solution, lockout penalty or account lock?

As far as I know, most of software I know of has account lock function, but I have never seen "penalty" solution except for Pega. I feel it is kind of unusual solution because it does not really "lock" it, but will be recovered by itself just by waiting a certain amount of time (8 sec => 16 sec => 32 sec => 64 sec...). Is this more modern solution? Does this have anything to do with brute force attack? If anyone knows the background of why this solution was introduced in Pega Platform, please explain.



***Edited by Moderator: Pooja Gadige to add platform capability tag***
Pega Platform 8.4.1 Security