Maximum signon attempts

The maximum signon attempts system value limits the number of consecutive incorrect signon attempts by local and remote users.

Incorrect signon attempts can be caused by incorrect user identification, incorrect password, or inadequate authority to the device. The maximum signon attempts system value works with the system value that specifies the action the system takes when the maximum number of signon attempts is reached. For information on this related system value, see Maximum sign on attempts action.

Some hackers may attempt to break into systems by guessing passwords. By limiting the number of signon attempts you allow, you limit their guesses. The maximum signon attempts system value determines how many signon tries you allow. Generally you want to set the value high enough to avoid frustrating users but also low enough to prevent a potential intruder too many guesses. Typically setting the value for signon attempts between 3 and 5 fulfills both of these requirements.

See Quick reference table for an overview of the maximum signon attempts system value.

Table 1. Possible values for the use maximum signon attempts system value
iSeries™ Navigator	Character-based interface	Description
No maximum	*NOMAX	The system allows an unlimited number of incorrect signon attempts. This value gives a potential intruder unlimited opportunities to guess a valid user ID and password combination.
Maximum number	limit	Specify a value from 1 through 25. The recommended number of signon attempts is three. Usually three attempts are enough to correct typing errors but low enough to help prevent unauthorized access.

Relationship to security policy

Within your security policy you should inform users your company's expectations for managing their signon activities. It is important to document the number of signon attempts that users are allowed and the action taken when that number is exceeded.

Table 2. Quick Reference. Provides details for the maximum signon attempts system value.
iSeries Navigator name	Incorrect signon attempts
Character-based interface name	QMAXSIGN
Authority	All object access (ALLOBJ) Security administrator (SECADM) Note: The Security Officer (QSECOFR) user profile is shipped with these authorities.
How to access	iSeries Navigator Expand Security > Policies. Right click Signon Policy and select Properties. On the General page, you will find the option for maximum signon attempts. Character-based interface In the character-based interface, type `WRKSYSVAL QMAXSIGN`.
Changes take effect	Immediately
Default value	3
Recommended value	3
Lockable	Yes
Special considerations	See Maximum sign on attempts action for special considerations regarding this system value.

For more detailed information about this security value, see Chapter 3, "Security System Values" in Security Reference.