...
Basic options for how to handle failed logins are set in mod-configuration, which can be changed by your hosting and/or systems administration (github documentation):
- login.fail.to.warn.attempts - number of login attempts before warn (default value - 3)
- login.fail.attempts - number of login attempts before block user account (default value - 5)
- login.fail.timeout - after timeout in minutes, fail login attempts will be dropped (default value - 10)
Password rules are controlled in mod-password-validator (github documentation) and the API for that module can be used to change rules (API documentation).
...