|Configuring People-Related Settings / Managing Access|
You can set up the application to discourage automated (computer-driven) registration and login. Automated registration is usually an attempt to gain access to an application in order to do malicious (or at least annoying) things. By taking steps to make registering and logging in something that only a human being can do, you help to prevent automated attacks.
This topic is about configuring login security in particular. You configure registration security on the Registration Settings page. For more information, see Configuring User Registration.
On the Admin Console's Login Security Settings page, you can set up login throttling and login captcha.
Enabling login throttling slows down the login process when the user has entered incorrect credentials more than the specified number of times. For example, imagine that you set the number of failed attempts to 5 and a forced delay to 10 seconds. If a user failed to log in after more than five tries, the application would force them to wait for 10 seconds until they could try again on each subsequent attempt.
Enabling login captcha displays a captcha image on the login page. The image displays text (distorted to prevent spam registration) that the person must enter in order to continue with registration. This is a way to discourage registration by other computers simply for access to community in order to send spam messages.
The login captcha setting is designed to display the captcha image when throttling begins. In other words, after the number of failed attempts specified for throttling, the captcha image is displayed and throttling begins. You can't enable the login captcha unless login throttling is enabled.
The captcha size is the number of characters that appear in the captcha image, and which the user must type when logging in. A good value for this 6, which is long enough to make the image useful and short enough to keep it from being too annoying.