Controlling incorrect answers by a user
By default, the system locks out a user after a number of failed attempts to answer secret questions.
When an answer fails, the FAILURE_TYPE is set to ANSWER in the PLT_USER_LOGIN_FAILED table.
- The IPasswordPolicyForSecretAnswers interface associated with the rule type = password secret answer can be used to check for failed answers.
- Use the following parameters in the implementation class for validation. You can configure the values for these parameters in the password policy as required:
  - MaxFailedAnswers: Number of allowed incorrect answers within the interval specified in the attribute CheckIntervalMinutes.
  - CheckIntervalMinutes: Time interval (in minutes) allowed for incorrect answers, after which the answers are not validated and the user is locked out for this duration. For example, if the interval specified is 180 minutes and the number of wrong answers exceeds the allowed number, the user is locked out for 3 hours. The user can log in again after the interval lapses.
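The following Java sketch is an added example, not the product's code: it shows how MaxFailedAnswers and CheckIntervalMinutes could combine into a lockout decision over failure rows whose FAILURE_TYPE is ANSWER. The class, record and method names are hypothetical, the signature of IPasswordPolicyForSecretAnswers is not reproduced here, and treating the interval as a sliding window that ends at the current time is an assumption.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.List;
import java.util.Optional;

// Added illustration; class, record and method names are hypothetical.
public class SecretAnswerLockoutCheck {
    // One failed-login row reduced to the two fields this check needs (assumed shape).
    record Failure(String failureType, Instant at) {}

    private final int maxFailedAnswers;    // MaxFailedAnswers from the password policy
    private final Duration checkInterval;  // CheckIntervalMinutes from the password policy

    SecretAnswerLockoutCheck(int maxFailedAnswers, long checkIntervalMinutes) {
        this.maxFailedAnswers = maxFailedAnswers;
        this.checkInterval = Duration.ofMinutes(checkIntervalMinutes);
    }

    // Returns the instant the lockout ends, or empty if answers may be validated now.
    // Assumption: failures are counted in a sliding window that ends at 'now'.
    Optional<Instant> lockedUntil(List<Failure> failures, Instant now) {
        Instant windowStart = now.minus(checkInterval);
        List<Instant> recent = failures.stream()
                .filter(f -> "ANSWER".equals(f.failureType())) // skip other failure types
                .map(Failure::at)
                .filter(t -> t.isAfter(windowStart) && !t.isAfter(now))
                .sorted()
                .toList();
        int excess = recent.size() - maxFailedAnswers;
        if (excess <= 0) {
            return Optional.empty();       // allowed number not exceeded
        }
        // The count falls back to the limit once the excess-th oldest failure ages out.
        return Optional.of(recent.get(excess - 1).plus(checkInterval));
    }

    public static void main(String[] args) {
        // Constructed sample data: 3 allowed answers, 180-minute interval.
        SecretAnswerLockoutCheck check = new SecretAnswerLockoutCheck(3, 180);
        Instant now = Instant.parse("2024-01-01T12:00:00Z");
        List<Failure> rows = List.of(
                new Failure("ANSWER", now.minus(Duration.ofMinutes(200))), // outside the window
                new Failure("OTHER", now.minus(Duration.ofMinutes(50))),   // placeholder non-ANSWER type
                new Failure("ANSWER", now.minus(Duration.ofMinutes(40))),
                new Failure("ANSWER", now.minus(Duration.ofMinutes(30))),
                new Failure("ANSWER", now.minus(Duration.ofMinutes(20))),
                new Failure("ANSWER", now.minus(Duration.ofMinutes(10))));
        System.out.println(check.lockedUntil(rows, now)
                .map(t -> "locked until " + t).orElse("not locked"));
    }
}
```

Records and `Stream.toList()` require Java 16 or later.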