Minimize reset password request max attempts window duration [Updated in Security Center 1.3]

  • Release version: Washington DC
  • Updated February 1, 2024

The password_reset.request.max_attempt_window property controls the number of minutes a user must wait to reset or change their password after exceeding the maximum number of unsuccessful attempts that is set with the password_reset.request.max_attempt property.

    More information

    | Attribute | Description |
    |---|---|
    | Property name | password_reset.request.max_attempt_window |
    | Configuration type | System Properties (/sys_properties_list.do) |
    | Category | Authentication |
    | Purpose | Denotes the lockout period in minutes after the maximum number of unsuccessful password reset attempts has been met. |
    | Recommended value | 1440 |
    | Default value | 1440 |
    | Configuration type | Positive integer values |
    | Security risk | (High) If the property is not set to the recommended value of 1440 or less, account brute forcing could be possible, because the account will not be locked after the maximum number of wrong authentication attempts. |
    | Security risk rating | 7.5 |
    | References | Configure Password Reset properties |

    To learn more about adding or creating a system property, see Add a system property.
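
The check the table above implies, as an added example (not ServiceNow's own code): it validates the property as a positive integer, compares it with the recommended 1440, and estimates how many reset attempts one account can receive per day. The estimate assumes a model of max_attempt requests followed by a lockout of the window length; the function names and sample values are constructed, and on an instance a wrapper around `gs.getProperty` would be passed in as the lookup.

```javascript
// Added example, not ServiceNow code. Property names and the value 1440 come
// from the page; function names and sample values are constructed.
var WINDOW_PROP = 'password_reset.request.max_attempt_window';
var ATTEMPT_PROP = 'password_reset.request.max_attempt';
var RECOMMENDED_WINDOW_MIN = 1440; // recommended and default value on the page

// System property values arrive as strings; accept only positive integers.
function parsePositiveInt(raw) {
  if (raw === null || raw === undefined) { return null; }
  var s = String(raw).trim();
  return /^[1-9][0-9]*$/.test(s) ? parseInt(s, 10) : null;
}

// getProperty: function(name) -> string or null. On an instance this would be
// a wrapper around gs.getProperty; here a constructed lookup stands in for it.
function auditResetWindow(getProperty) {
  var windowMin = parsePositiveInt(getProperty(WINDOW_PROP));
  var maxAttempts = parsePositiveInt(getProperty(ATTEMPT_PROP));
  var result = { windowMin: windowMin, maxAttempts: maxAttempts,
                 status: 'compliant', attemptsPerDay: null };
  if (windowMin === null) {
    result.status = 'invalid';        // unset, non-numeric, zero or negative
  } else if (windowMin > RECOMMENDED_WINDOW_MIN) {
    result.status = 'non-compliant';  // page: "1440 or less"
  }
  // Assumed model: max_attempt requests, then a lockout of windowMin minutes.
  // Rough ceiling on reset attempts against one account per 24 hours.
  if (windowMin !== null && maxAttempts !== null) {
    result.attemptsPerDay = Math.ceil(1440 / windowMin) * maxAttempts;
  }
  return result;
}

// Constructed stand-in for the instance's property store.
function sample(windowValue, attemptValue) {
  var props = {};
  props[WINDOW_PROP] = windowValue;
  props[ATTEMPT_PROP] = attemptValue;
  return function (name) { return props[name]; };
}

// Constructed sample values: recommended, short, too long, and invalid.
[['1440', '3'], ['15', '3'], ['2880', '3'], ['0', '3']].forEach(function (v) {
  console.log(v[0], JSON.stringify(auditResetWindow(sample(v[0], v[1]))));
});
```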