Number of Failed Password Logon Attempts

One of our company users reported that he accidentally entered the Windows password instead of the SAP login password and created an SAP support ticket asking how he can remove the failed-password pop-up warning that appears every time he does a Single Sign-on.

Symptom

You notice that when logging on to the system, the following message pops up on the screen:
"Number of failed password logon attempts: 'n' (see long text)"

Environment

SAP NetWeaver Release 7.31 onwards

Solution:

What the user needs to do:

1) The user needs to know his/her correct SAP login password.

2) Log on to SAP once using the correct SAP user name and password.

Once the system detects the correct password, the password-logon counter is reset to its initial value and the failed-logon-attempts pop-up no longer appears.

---

This is self-explanatory if you read the SAP information correctly.

Number of failed password logon attempts: 3 (see long text) Message No. 00788

Diagnosis

One or more failed attempts were made to log on to the system with a password and your user name. Failed logon attempts could be caused by you (a typo when entering the hidden password) or could be an indication of an attempt by a third party to guess your password.

System Response

Every failed attempt to log on with a password is counted. When a preconfigurable threshold value is exceeded, any further password logon attempts are blocked to keep your password from being guessed.

This counter is reset after a successful password logon. This message tells you the value before the deletion.

If you log on to the system in another way (with Single Sign-On, not with a password), the value of the counter remains unchanged. The number of failed password logon attempts is displayed again at the next logon.

Procedure

If you suspect that other people are attempting to guess your password, you should contact your system administrator. The system administrator can then log any logon attempts where additional information (time stamp, network address, and so on) is recorded which could help to determine the cause.

If you are also able to log on to the system without a password (using Single Sign-On), you should consider deactivating the password that is no longer required. Neither you nor other people can then log on to the system using your user name and the deactivated password; all further password logon attempts are denied. If it is not possible to log on to the system by password, no warning message (about any failed password logon attempts) is displayed to you any longer.

Procedure for System Administration

Use the Security Audit Log to log both failed and successful logon attempts.
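The message text tells the administrator to turn to the Security Audit Log, which records both failed and successful logons together with the time stamp and network address. The block below is an added example (not SAP code, and not the SM20 export layout) of the kind of triage an administrator does with that data: it aggregates failed and successful logons per user and per source address and flags users whose failures come from an address that never produced a successful logon, which is the "someone else is guessing" pattern rather than the "I typed my Windows password" pattern. The record layout, addresses, users and timestamps are constructed for the example; AU1 and AU2 are SAP's Security Audit Log event codes for successful and failed logon.

```python
"""Per-user / per-address triage of logon events from Security-Audit-Log-style
records.  Added example: the line layout below is constructed for illustration
and is not SAP's SM20 export format.  AU1 = logon successful, AU2 = logon failed.
"""
import re
from collections import Counter, defaultdict

# Constructed sample records: <date> <time> <address> <user> <event> <text>
SAMPLE_LOG = """\
2024-03-04 08:01:12 10.0.0.15   JDOE   AU2 Logon failed
2024-03-04 08:01:30 10.0.0.15   JDOE   AU2 Logon failed
2024-03-04 08:02:05 10.0.0.15   JDOE   AU1 Logon successful
2024-03-04 08:10:44 203.0.113.9 JDOE   AU2 Logon failed
2024-03-04 08:10:51 203.0.113.9 JDOE   AU2 Logon failed
2024-03-04 08:11:02 203.0.113.9 JDOE   AU2 Logon failed
2024-03-04 09:15:00 10.0.0.22   MSMITH AU2 Logon failed
2024-03-04 09:15:20 10.0.0.22   MSMITH AU1 Logon successful
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<addr>\S+)\s+(?P<user>\S+)\s+(?P<event>AU[12])\b"
)


def parse_records(text):
    """Yield one dict per well-formed record; malformed lines are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def summarize(text):
    """Return {user: {"failed": n, "success": n,
                      "failed_by_addr": Counter, "ok_addrs": set}}."""
    stats = defaultdict(lambda: {
        "failed": 0, "success": 0,
        "failed_by_addr": Counter(), "ok_addrs": set(),
    })
    for rec in parse_records(text):
        entry = stats[rec["user"]]
        if rec["event"] == "AU2":
            entry["failed"] += 1
            entry["failed_by_addr"][rec["addr"]] += 1
        else:
            entry["success"] += 1
            entry["ok_addrs"].add(rec["addr"])
    return dict(stats)


def suspicious_sources(stats, min_failures=3):
    """Addresses with >= min_failures failed logons for a user and no
    successful logon for that user from the same address.  A legitimate
    user's typos are normally followed by a success from the same place;
    a guessing third party produces only failures.  Returns
    {user: {addr: failure_count}}."""
    flagged = {}
    for user, entry in stats.items():
        bad = {
            addr: count
            for addr, count in entry["failed_by_addr"].items()
            if count >= min_failures and addr not in entry["ok_addrs"]
        }
        if bad:
            flagged[user] = bad
    return flagged


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for user, entry in sorted(stats.items()):
        print(f"{user}: failed={entry['failed']} success={entry['success']}")
    print("suspicious:", suspicious_sources(stats))
```

The threshold `min_failures` is an assumption for the example; in practice it should be aligned with the system's configured lock threshold so that a flagged address corresponds to an account that is about to be, or has been, locked for password logon.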

Rationale Behind This Failed Password Pop-up

The rationale behind a counter for failed password logon attempts is that passwords can be guessed (not only stolen), and thus it is necessary to limit the number of permissible failed logon attempts. Unfortunately, the system cannot differentiate between accidental typos of the legitimate user and the attempts of an attacker to guess your password. Hence, the system raises an alert to inform you that there have been failed password logon attempts for your User ID. Then you should be able to judge whether it was likely you or someone else who caused this.

It is important to bear in mind that being able to log on also by other means than by password (i.e. via Single Sign-On, SSO) does not eliminate the above-mentioned risk. Actually, one could even argue that it might increase the risk, since you might have forgotten about your (idle) password. For exactly this reason it was made configurable to prompt you to change (or disregard) your password when it is about to be changed (after 'n' days, configurable), even if you do not use your password to log on.

The reason for not resetting the counter of failed password logon attempts when performing a non-password logon is that this would jeopardize the concept (of limiting the number of permissible failed password logon attempts), because it would grant an attacker additional attempts to guess your password. So, if you are not using your password, the best advice is: deactivate it, because then the attacker also has no chance to impersonate you with a guessed or cracked password.
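The "System Response" text above and this rationale together describe a small state machine: every failed password logon increments a per-user counter, a successful password logon resets it and reports the value it had, a non-password (SSO) logon leaves it untouched but still reports it, password logons are blocked once the counter exceeds the threshold, and a deactivated password makes password logon impossible so the counter and the warning go away. The block below is an added model of exactly that behaviour, written to make the design argument concrete; it is not SAP code, and the threshold value, user names and passwords are assumptions (the real threshold is a configurable profile value that this model does not read).

```python
"""Model of the failed-password-logon counter described in SAP message 00788.
Added example, not SAP code.  LOCK_THRESHOLD, user names and passwords are
assumptions chosen for the illustration.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumption: permissible failed attempts; password logon is blocked once the
# counter EXCEEDS this value ("when a preconfigurable threshold value is exceeded").
LOCK_THRESHOLD = 3


@dataclass
class UserAccount:
    name: str
    password: Optional[str]            # None = password deactivated
    failed_password_logons: int = 0
    password_locked: bool = False


def password_logon(acct: UserAccount, supplied: str) -> Tuple[bool, Optional[int]]:
    """Attempt a password logon.

    Returns (success, warning).  `warning` is the counter value the message
    would show: on a successful logon it is the value *before* the reset
    (None if it was zero); a failed logon shows nothing.
    """
    if acct.password is None or acct.password_locked:
        # Deactivated or locked: password logon is denied outright and the
        # counter is not touched, so an attacker gains no further attempts.
        return False, None
    if supplied != acct.password:
        acct.failed_password_logons += 1
        if acct.failed_password_logons > LOCK_THRESHOLD:
            acct.password_locked = True
        return False, None
    previous = acct.failed_password_logons
    acct.failed_password_logons = 0          # reset only on SUCCESSFUL PASSWORD logon
    return True, (previous or None)


def sso_logon(acct: UserAccount) -> Tuple[bool, Optional[int]]:
    """Non-password logon (Single Sign-On).

    The counter is deliberately left unchanged, so the same warning is shown
    again at every SSO logon until a successful password logon clears it.
    Returns (True, warning) where warning is the current counter or None.
    """
    return True, (acct.failed_password_logons or None)


def deactivate_password(acct: UserAccount) -> None:
    """Deactivate the password: no one can log on with it any more, and since
    password logon is impossible the warning is no longer relevant."""
    acct.password = None
    acct.failed_password_logons = 0
    acct.password_locked = False


def sso_user_scenario() -> Tuple[int, int, int]:
    """The situation from the original post: an SSO user typed a wrong password
    twice.  Returns (warning seen at SSO logon, warning after a correct
    password logon, warning at the next SSO logon)."""
    acct = UserAccount("jdoe", "correct-sap-pw")      # constructed
    password_logon(acct, "windows-pw")                # accidental typo
    password_logon(acct, "windows-pw")
    _, at_sso = sso_logon(acct)                       # pop-up: 2
    _, at_fix = password_logon(acct, "correct-sap-pw")  # shows 2, then resets
    _, after = sso_logon(acct)                        # no pop-up any more
    return at_sso, at_fix, after


if __name__ == "__main__":
    print("SSO user scenario (warning at SSO, at fix, afterwards):", sso_user_scenario())
```

The point the rationale makes is visible in `sso_logon`: it never writes to `failed_password_logons`. If it did, an attacker could interleave guesses with the victim's routine SSO logons and never hit the lock, which is why the only two things that clear the warning are a successful password logon or deactivating the password.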

All the site contents are Copyright © www.erpgreat.com and the content authors. All rights reserved.
All product names are trademarks of their respective companies. The site www.erpgreat.com is in no way affiliated with SAP AG.
Every effort is made to ensure the content integrity. Information used on this site is at your own risk.
The content on this site may not be reproduced or redistributed without the express written permission of www.erpgreat.com or the content authors.