You can also access this tutorial in German and French.


This video shows a mechanism called lockout that is designed to prevent brute force attacks.


Okay, let's suppose you want to increase the security of your Liferay portal instance that is running on the Internet and you want to avoid that someone is running a brute force attack on your user accounts. What you can do is you can set a locking mechanism that if someone logs in with a false password too many times that this account is blocked. So, I'll show you how to do this. So, you can see here on in the browser we have our Liferay portal. We are logged in with the user account of the administrator and you have to first go to the control panel and the control panel can be found behind these little boxes here and in there you can look for the control panel here and then in the control panel there is a section called security and in the security there's password policies and in there you go on the three dots and you say edit and now we are in the default password policy and if we scroll down you can see there is something called lock out. So, you may have to open this first and then you can say enable lockout yes and then it says maximum failures is three. Three is very severe and in practice leads to many requests of unlocking things. So, I would suggest a value like six for example and then you save that and now we have this feature set you could also, change that until unlocked by administrator you could change that to 5 minutes 10 minutes or a week or whatever. But this is something that you can set. Save it and it's done. That's all for now!