Class

HIDApproveDelayLockPolicy

The access to the credential will be limited by applying an exponential delay for each failed attempt.

Declaration

class HIDApproveDelayLockPolicy

Overview

An exponential delay is added for each failed authentication attempt using that credential. In other words, it is a throttling mechanism: the user has to wait a short time before trying again, which prevents a potential attacker from guessing the password.

For each failed attempt, a counter is incremented. The delay doubles for each failed attempt, but to avoid creating too much delay, the counter value is capped at the value of counter. The counter is reset on the next successful authentication attempt.

For example, with an initial delay of 2 seconds and a maximum counter of 6 attempts, we have the following:

Attempts      Seconds Delay
1             2^1 = 2
2             2^2 = 4
3             2^3 = 8
4             2^4 = 16
5             2^5 = 32
6 or more     2^6 = 64

An attacker trying to brute-force the password will incur a 1 minute delay for each password attempt after the 6th. Therefore, with a numeric password policy and a minimum length of 6, it could take 10^6 minutes (2 years) to find the right password.
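The throttle described above, modelled as an added Python example (not the SDK's own code; DelayLockModel, its methods and exhaust_seconds are hypothetical names). It assumes the delay starts at the initial delay and doubles, which reproduces the table, and that an attempt made during the delay is rejected without being counted.

```python
# Added illustration: a stand-alone model of the throttle described above.
# It is not the SDK's implementation; all names here are hypothetical.

class DelayLockModel:
    def __init__(self, initial_delay=2, max_counter=6):
        self.initial_delay = initial_delay  # seconds after the first failure
        self.max_counter = max_counter      # cap on the failure counter
        self.failures = 0
        self.locked_until = 0.0             # time of the next allowed attempt

    def current_delay(self):
        """Delay imposed by the current counter value (0 if no failures)."""
        if self.failures == 0:
            return 0
        # Assumption: doubling from the initial delay, matching the table.
        return self.initial_delay * 2 ** (self.failures - 1)

    def attempt(self, now, correct):
        """Return 'throttled', 'ok' or 'failed' for an attempt at time now."""
        if now < self.locked_until:
            # Assumption: an early attempt is rejected and not counted.
            return "throttled"
        if correct:
            self.failures = 0               # success resets the counter
            self.locked_until = 0.0
            return "ok"
        self.failures = min(self.failures + 1, self.max_counter)
        self.locked_until = now + self.current_delay()
        return "failed"


def exhaust_seconds(keyspace, initial_delay=2, max_counter=6):
    """Total waiting time when every value in the keyspace must be tried,
    each at the first allowed instant, and the right value comes last."""
    policy = DelayLockModel(initial_delay, max_counter)
    now = 0.0
    for guess in range(keyspace):
        result = policy.attempt(now, correct=(guess == keyspace - 1))
        if result == "failed":
            now = policy.locked_until       # wait out the imposed delay
    return now
```

For the 6-digit numeric case, exhaust_seconds(10**6) gives 63,999,678 seconds, about 741 days, in line with the 2-year estimate.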

Topics

Instance Properties

See Also

Key Protection Lock Policies