On the Security Policies tab, select the Enable Security Policies check box to display the following policies used for configuring CAPTCHA functionality:
Policy | Notes | Default value | Min value | Max value |
---|---|---|---|---|
Minimum operator identifier (ID) length | | 8 | 3 | 64 |
Minimum operator password length | | 8 | 3 | 64 |
Minimum numeric [0-9] characters required in operator password | | 1 | 0 | 64 |
Minimum alphabetic [a-zA-Z] characters required in operator password | | 1 | 0 | 64 |
Minimum special characters required in operator password | Available special characters include: ` ~ ! @ # $ % ^ & * ( ) _ + - = { } [ ] \| \ : " ; ' < > ? , . / | 1 | 0 | 64 |
Minimum unique historical operator passwords | Note: If the value is 5, you cannot change your password to match any of the most recent five passwords that you used. | 5 | 0 | 128 |
Maximum operator password age | The maximum number of days before the operator must change the password. Note: If you set the value to 0, then the password never expires. To have the password expire, select a value between 1 and 128. | 5 | 0 | 128 |
CAPTCHA implementation | If set to Default, the system presents the CAPTCHA implementation shipped with the Pega 7 Platform. If set to Custom, the system presents the custom CAPTCHA implementation enabled for this system. An application can make use of third-party CAPTCHA solutions on the application login screen; however, a certain amount of developer work is required to prepare the custom RuleSet to deliver the third-party resource. | Default | | |
Enable CAPTCHA Reverse Turing Test Module | If enabled, the system presents the CAPTCHA upon authentication failure, with a probability set by the following field. If disabled, no CAPTCHA is presented even on login failure. | Enabled | | |
Probability that CAPTCHA will be presented upon authentication failure | If the CAPTCHA Reverse Turing Test is enabled, the percentage set here is the likelihood that the CAPTCHA displays. | 5 | 0 | 100 |
Enable presentation of CAPTCHA upon initial login | If enabled, the CAPTCHA displays the first time that the user tries to log on to a new system or from a new computer. | Enabled | | |
Enable authentication lockout penalty mechanism | If enabled, after n failed login attempts, the system imposes a delay of n minutes and seconds after every unsuccessful login attempt. | Enabled | | |
Failed login attempts before employing authentication lockout penalty | After the number of failed attempts set here, the user experiences a delay after each further attempt. The delay gets longer with each attempt. | 5 | 0 | 128 |
Initial authentication lockout penalty | Set the initial delay, in seconds. | 8 | 0 | 128 |
Failed login attempts before password lockout | Set the number of allowed failed login attempts before the account is locked. | 0 | | |
Password lockout duration | Set the time period, in minutes, for which the account remains locked after the allowed failed login attempts are exceeded. | 0 | | |
Audit log level | Set the Audit log level. The options are: | | | |
Note: Additional advanced customizations are possible. See PDN article Customizing CAPTCHA presentation and function.
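
The password rules in the table can be checked before a credential is submitted to the platform. The following Python sketch is an added example, not Pega code: the function and key names are hypothetical, the values are the table's defaults, and it assumes password history is held as salted PBKDF2 digests.

```python
import hashlib
import hmac

# Special characters exactly as listed in the policy table above.
SPECIAL = set("`~!@#$%^&*()_+-={}[]|\\:\";'<>?,./")

# Default values from the table; the key names are made up for this example.
DEFAULTS = {"min_length": 8, "min_numeric": 1, "min_alpha": 1,
            "min_special": 1, "history": 5}


def digest(password: str, salt: bytes) -> bytes:
    # Assumption: history is kept as salted PBKDF2 digests, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def violations(password, history=(), policy=DEFAULTS):
    """Return the names of the policy rules a candidate password breaks.

    history: (salt, digest) pairs, oldest first.
    """
    found = []
    if len(password) < policy["min_length"]:
        found.append("length")
    # The table defines the classes as ASCII ranges, so str.isdigit() and
    # str.isalpha() alone (which accept Unicode) are deliberately not used.
    if sum(c in "0123456789" for c in password) < policy["min_numeric"]:
        found.append("numeric")
    if sum(c.isascii() and c.isalpha() for c in password) < policy["min_alpha"]:
        found.append("alphabetic")
    if sum(c in SPECIAL for c in password) < policy["min_special"]:
        found.append("special")
    # A history value of N blocks reuse of the N most recent passwords;
    # 0 disables the check.
    recent = list(history)[-policy["history"]:] if policy["history"] else []
    if any(hmac.compare_digest(digest(password, s), d) for s, d in recent):
        found.append("history")
    return found


if __name__ == "__main__":
    # Constructed sample input.
    print(violations("summer2024"))  # ['special']
```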