This change most visibly affects single sign-on, but any application that authenticates directly to ldap.ualr.edu will also be affected (and could also be a source of lockouts due to failed password attempts).
- Beginning April 27, 2015, more than 10 failed attempts to log in using your NetID (within a 30-minute period) will place your account into a locked state.
- The lockout is temporary. The account will automatically unlock itself 30 minutes after it was locked (whereupon, if it is still under attack, it can be locked again).
- While your account is locked, you will not be able to log in using your NetID.
- You can unlock your account yourself immediately by resetting your password or contacting IT Services for assistance.
Why would my account be locked?
More than 10 failed log-in attempts (due to an incorrect password) within a 30-minute period will cause your account to be locked. More than 10 failed attempts in a short period of time is not normal behavior for an account owner; it is more likely the result of someone trying to guess another person's password.
These attacks are normally automated to try the most commonly used passwords along with multiple variations (changing letters into numbers, etc.) as quickly as possible. By locking your account during such an attack, the attacker cannot log in using your NetID even if they guess your current password.
How do I know if my account is locked?
If you are logging in to one of our single sign-on (SSO)–enabled services (Google Apps, Blackboard, etc.)—and you have a locked account—you will be prevented from logging in with your NetID and see the following message.
What should I do if my account is locked?
Locked accounts will automatically unlock themselves after 30 minutes (but can be re-locked if still under attack).
You can immediately unlock your account by resetting your password. We recommend that you contact IT Services to report a locked account—even if you have unlocked it yourself—especially if you feel that your account may be compromised.
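The lockout rules described above, modelled as a small state machine (an added example, not IT Services' own code or the directory server's configuration). The class and function names are hypothetical, and the model assumes that attempts made while locked are not counted and that the failure counter restarts once a lock is set.

```python
from collections import deque

MAX_FAILURES = 10          # "more than 10" failures triggers the lock
WINDOW_SECONDS = 30 * 60   # failures are counted within a 30-minute period
LOCK_SECONDS = 30 * 60     # the lock clears itself 30 minutes after it was set


class LockoutPolicy:
    """Model of one account's lockout state; times are seconds on a constructed clock."""

    def __init__(self, password):
        self.password = password  # model only: a real directory stores a hash
        self.failures = deque()   # timestamps of recent failed attempts
        self.locked_at = None     # None means the account is not locked

    def is_locked(self, now):
        # Automatic unlock once the lock duration has elapsed.
        if self.locked_at is not None and now - self.locked_at >= LOCK_SECONDS:
            self.locked_at = None
        return self.locked_at is not None

    def attempt(self, candidate, now):
        """Return 'locked', 'ok' or 'failed' for a login attempt at time `now`."""
        if self.is_locked(now):
            # Even the correct password is refused while the lock is active.
            # Assumption: attempts made during the lock are not counted.
            return "locked"
        if candidate == self.password:
            return "ok"
        self.failures.append(now)
        # Drop failures that have aged out of the sliding window.
        while self.failures and now - self.failures[0] >= WINDOW_SECONDS:
            self.failures.popleft()
        if len(self.failures) > MAX_FAILURES:
            self.locked_at = now
            self.failures.clear()  # assumption: the counter restarts after a lock
        return "failed"

    def reset_password(self, new_password):
        # A password reset unlocks the account immediately.
        self.password = new_password
        self.locked_at = None
        self.failures.clear()


def replay(policy, attempts):
    """Run constructed (time, candidate) pairs through the policy; return the outcomes."""
    return [policy.attempt(candidate, t) for t, candidate in attempts]
```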
How do I protect my account?
Once someone decides to attack your account, there is little you can do to avoid the locked status. Locking your account is a safety measure that makes it impossible for the attacker to keep trying to log in to campus services using your NetID. Before an attack happens, however, the best ways to protect your account from being compromised by an attack of this nature include:
- using a complex password
- using a password you do not use anywhere else
- being wary of anyone asking for your password