Admin Security is very important part of Magento 2.x Open Source / Adobe Commerce 2.x
There are following below steps need to follow
Step [1] – Go STORES > Configuration, redirects Configuration section.
Step [2] – Click on Left Panel System > Admin, redirects Right Security Section Tab.
- Password Reset Protection Type:: By Default as By IP and Email
- Recovery Link Expiration Period (hours):: 2 Hours
- Max Number of Password Reset Requests:: 5
- Min Time Between Password Reset Requests:: 10 Minutes
- Add Secret Key to URLs:: By Default Yes
- Login is Case Sensitive:: By Default Yes
- Admin Session Lifetime (seconds):: 900 Second (By Default)
- Maximum Login Failures to Lockout Account:: 6
- Lockout Time (minutes):: 30 Min
- Password Lifetime (days):: 90 Days (By Default)
- Password Change::Forced