Failing invalid login IDs

Normally, when an invalid user or account ID is entered in the login screen Bravura Security Fabric displays a message informing the user that the account could not be found.

This behavior can be modified to make it more difficult for an attacker to deduce valid IDs from the login process, by enabling the GENERIC LOGINFAILURE option (Manage the system > Policies > Options). If enabled, users are allowed to proceed to the Verify password screen and enter a password, despite having entered an invalid ID. Bravura Security Fabric simulates an attempt to verify the password, waiting 10 seconds before returning with the message:

"Please verify that you entered your password correctly, otherwise contact your administrator."

Note

This feature is scheduled to be removed in a future release.

In this section:

Failing invalid login IDs

Note

Search results