You can increase the security of your system by enforcing password restrictions, which will make it more difficult for unauthorized users to access your system. You can specify that each password must include at least two characters of each of the following four character types:
You can enforce a minimum length for the password, and set a maximum and minimum time limit, after which the password will not be accepted.
By default, the system terminates a session after the user makes three consecutive failed logon attempts and the account is locked for 15 minutes.
The user may then start another session (which would also terminate after three consecutive failed logon attempts). To increase security, you can lock users out of the system entirely after three failed consecutive logon attempts.
After the user‘s account is locked out (using the configure account password-policy lockout-on-login-failures command), it must be re-enabled by an administrator.
Note
If you are not working on SSH, you can configure the number of failed logons that trigger lockout, using the configure cli max-failed-logins num-of-logins command. (This command also sets the number of failed logons that terminate the particular session.)