user management: small follow-up rewording/nits for TFA locks

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-03-08 04:58:19 +03:00 · 2023-06-07 17:45:52 +02:00 · 2023-06-07 17:45:52 +02:00 · e253a7876e
commit e253a7876e
parent 96a0d13193
1 changed files with 4 additions and 4 deletions
--- a/pveum.adoc
+++ b/pveum.adoc
@ -580,7 +580,7 @@ https://www.yubico.com/products/services-software/yubicloud/[YubiCloud] or
 https://developers.yubico.com/Software_Projects/Yubico_OTP/YubiCloud_Validation_Servers/[host your own verification server].

 [[pveum_tfa_lockout]]
-Limits and lockout of Two-Factor Authentication
+Limits and Lockout of Two-Factor Authentication
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 A second factor is meant to protect users if their password is somehow leaked
@ -588,14 +588,14 @@ or guessed. However, some factors could still be broken by brute force. For
 this reason, users will be locked out after too many failed 2nd factor login
 attempts.

-For TOTP 8 failed attempts will disable the user's TOTP factors. They are
+For TOTP, 8 failed attempts will disable the user's TOTP factors. They are
 unlocked when logging in with a recovery key. If TOTP was the only available
 factor, admin intervention is required, and it is highly recommended to require
 the user to change their password immediately.

 Since FIDO2/Webauthn and recovery keys are less susceptible to brute force
-attacks, the limit there is higher, but block all second factors for an hour
-when exceeded.
+attacks, the limit there is higher (100 tries), but all second factors are
+blocked for an hour when exceeded.

 An admin can unlock a user's Two-Factor Authentication at any time via the user
 list in the UI or the command line: