If your library is using the default FOLIO username and password authentication, there are options for controlling workflows for authentication that can be configured by your hosting if desired.
Basic options for how to handle failed logins are set in mod-configuration, which can be changed by your hosting and/or systems administration (github documentation):
- login.fail.to.warn.attempts - number of login attempts before warn (default value - 3)
- login.fail.attempts - number of login attempts before block user account (default value - 5)
- login.fail.timeout - after timeout in minutes, fail login attempts will be dropped (default value - 10)
Password rules are controlled in mod-password-validator (github documentation) and the API for that module can be used to change rules (API documentation).