user management: small follow-up rewording/nits for TFA locks

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/pveum.adoc b/pveum.adoc
index 707e87d0e3bdfeefbc14734852b7537980817df3..a24598dfa6cbd77aecbd47a956c9a870d894c290 100644 (file)
--- a/pveum.adoc
+++ b/pveum.adoc
@@ -580,7 +580,7 @@ https://www.yubico.com/products/services-software/yubicloud/[YubiCloud] or
 https://developers.yubico.com/Software_Projects/Yubico_OTP/YubiCloud_Validation_Servers/[host your own verification server].
 
 [[pveum_tfa_lockout]]
-Limits and lockout of Two-Factor Authentication
+Limits and Lockout of Two-Factor Authentication
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 A second factor is meant to protect users if their password is somehow leaked
@@ -588,14 +588,14 @@ or guessed. However, some factors could still be broken by brute force. For
 this reason, users will be locked out after too many failed 2nd factor login
 attempts.
 
-For TOTP 8 failed attempts will disable the user's TOTP factors. They are
+For TOTP, 8 failed attempts will disable the user's TOTP factors. They are
 unlocked when logging in with a recovery key. If TOTP was the only available
 factor, admin intervention is required, and it is highly recommended to require
 the user to change their password immediately.
 
 Since FIDO2/Webauthn and recovery keys are less susceptible to brute force
-attacks, the limit there is higher, but block all second factors for an hour
-when exceeded.
+attacks, the limit there is higher (100 tries), but all second factors are
+blocked for an hour when exceeded.
 
 An admin can unlock a user's Two-Factor Authentication at any time via the user
 list in the UI or the command line: