Settings - Protection
You can access these settings in the Settings application under the Security & Membership -> Protection category.
General | |
Display account lock information message | Indicates if user friendly information about account lock should be displayed. |
Enable Autocomplete | If true Autocomplete for user name text box in sign-in form is enabled. |
reCAPTCHA v2 | |
Site key (reCAPTCHA v2) | The reCAPTCHA v2 site API key for the site where you want to use reCAPTCHA. Obtain the API keys from https://www.google.com/recaptcha/admin. For more information, learn about the reCAPTCHA form component. |
Secret key (reCAPTCHA v2) | The reCAPTCHA v2 secret API key for the site where you want to use reCAPTCHA. Obtain the API keys from https://www.google.com/recaptcha/admin. |
reCAPTCHA v3 | |
Site key (reCAPTCHA v3) | The reCAPTCHA v3 site API key for the site where you want to use reCAPTCHA. Obtain the API keys from https://www.google.com/recaptcha/admin. For more information, learn about the reCAPTCHA form component. |
Secret key (reCAPTCHA v3) | The reCAPTCHA v3 secret API key for the site where you want to use reCAPTCHA. Obtain the API keys from https://www.google.com/recaptcha/admin. |
Score threshold (reCAPTCHA v3) | reCAPTCHA v3 returns a score for every request between 0.0 (very likely a bot) and 1.0 (very likely a good interaction). This threshold determines the score that must be reached for the reCAPTCHA validation to be successful. Set a higher value if you have issues with spam or bots, and a lower value if you wish to simplify accessibility for users. You can override the score threshold setting when adding the reCAPTCHA component to individual forms. Note: If the validation fails for a user, there are no further challenges and form submission is not possible. In these cases, users can attempt to refresh the page again. |
Invalid sign-in attempts (Administration only) | |
Maximum invalid sign-in attempts | Maximum invalid sign-in attempts before the user account is locked. If set to 0, invalid sign-in attempts functionality is disabled. |
Send unlock account email | Indicates if an account unlock email is sent when a user account is locked due to reaching the maximum invalid sign-in attempts. |
Unlock user account path | Path to custom page for unlocking user account (if not set, system page ~/CMSModules/Membership/CMSPages/UnlockUserAccount.aspx will be used). |
Screen lock | |
Enable screen lock | Enables or disables screen lock feature, which locks the part of the browser with the Xperience administration interface. |
Lock interval (minutes) | Time (in minutes) that has to pass before the screen is locked. This value has to be greater than 0 and lower than session timeout. Session timeout is by default 20 minutes for ASP.NET WebForms applications. To change the timeout interval, set the timeout property on the sessionState element in your application’s web.config file. See the session state documentation for more information. |
Warning interval (seconds) | Warning period (in seconds). Warning with countdown is shown for this number of seconds before the screen is locked. |