Maximize reset password verification delay duration [Updated in Security Center 1.3]

Configure the delay, in milliseconds, that a user must wait before submitting a new password reset request.

A bad actor could attempt to brute force login credentials by using automation tools like bots which the reset password verification delay property helps defend against. The property value represents the delay, in milliseconds, that a user must wait before they can place a request to reset the password. If this property is not set to the recommended value of 1000 or more, the login is more vulnerable to brute force attacks.

More information

AttributeDescription
Configuration name password_reset.verification.delay
Configuration type System Properties (/sys_properties_list.do)
Data type string
Recommended value 1000
Default value 1000
Category Authentication
Security risk
  • Severity score: 5.9
  • CVSS score: Medium
  • Security risk details: Setting the property value to less than 1000 makes your login more vulnerable to brute force attacks.
Dependencies and prerequisites None
References Configuring password for a user