Locking Out an Administrator Account

EFT Server can automatically lock out an administrator account after a specified number of incorrect login attempts within a specified period.

On an HS-PCI-enabled Site, if you clear the Lockout check box, increase the number of incorrect login attempts to more than 6, or set the attempt period to more than 5 minutes, a warning message appears.

To disable or remove an account after a defined number of incorrect login attempts

  1. In EFT Administrator, connect to EFT Server and click the Server tab.

  2. In the left pane, click the Server you want to configure, then click the Administration tab.

  3. In the Admin Account Names area, click the account that you want to modify.

  4. In the Account Security area, select the Lockout admin accounts check box, then specify how long the account is to be locked out, the number of incorrect login attempts, and the period over which those attempts are counted.

  5. Click Apply to save the changes on EFT Server.
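The lockout rule and the HS-PCI warning thresholds described above, modeled as an added Python example; this is not EFT Server code. The class and function names are hypothetical, the 30-minute lockout default is a constructed value, and locking on the Nth failure and releasing locks when Lockout is cleared are assumptions based on the text of this page.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    enabled: bool = True        # the Lockout check box
    max_attempts: int = 6       # incorrect logins within the period that trigger a lock
    period_s: int = 5 * 60      # attempt period, in seconds
    lockout_s: int = 30 * 60    # constructed value; the page does not give a duration

def pci_warnings(p):
    """Return the settings the page says raise a warning on an HS-PCI-enabled Site."""
    checks = [(not p.enabled, "lockout disabled"),
              (p.max_attempts > 6, "more than 6 incorrect attempts"),
              (p.period_s > 5 * 60, "attempt period over 5 minutes")]
    return [msg for bad, msg in checks if bad]

class AdminLockout:
    def __init__(self, policy):
        self.policy = policy
        self.failures = {}       # account -> deque of failure timestamps (seconds)
        self.locked_until = {}   # account -> time at which the lock expires

    def is_locked(self, account, now):
        return self.policy.enabled and now < self.locked_until.get(account, 0)

    def record_failure(self, account, now):
        """Record one incorrect login; return True if the account is locked afterwards."""
        if not self.policy.enabled:
            return False
        if self.is_locked(account, now):
            return True
        window = self.failures.setdefault(account, deque())
        window.append(now)
        while now - window[0] > self.policy.period_s:   # drop attempts outside the period
            window.popleft()
        if len(window) >= self.policy.max_attempts:     # assumption: lock on the Nth failure
            self.locked_until[account] = now + self.policy.lockout_s
            window.clear()
            return True
        return False

    def apply_policy(self, policy):
        """Assumed model of Apply: clearing Lockout releases every locked account."""
        self.policy = policy
        if not policy.enabled:
            self.failures.clear()
            self.locked_until.clear()
```

Running `pci_warnings` over exported or documented settings gives a quick check that a planned change stays inside the limits that keep the HS-PCI warning from appearing.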

To enable an account that has been locked out

Tell administrators what the lockout timeout is; after it elapses, they can try to log in again. If they are unable to wait for the lockout to time out, use the procedure below to enable the account.

  1. Clear the Lockout check box.

  2. Click Apply to save the changes and enable the locked-out account.

  3. Select the Lockout check box to resume account security.

  4. Click Apply to save the changes.
