Merged
10 changes: 2 additions & 8 deletions docs/guide/security_checklist.md
Expand Up @@ -91,18 +91,12 @@ and any other application-specific secrets.
Consider introducing a measure against brute force login attacks, like CAPTCHA. Adjust timeout limits to your needs:

When using the "forgot password" feature, a token is created which expires if the user doesn't click the password reset
link that gets mailed to them in time. The time before it expires is set in the parameter
`ibexa.site_access.config.default.security.token_interval_spec`. By nature this feature must be available to users
link that gets mailed to them in time. The time before it expires is set in the configuration parameter
`ezsettings.default.security.token_interval_spec`. By nature this feature must be available to users
before they have logged in, including would-be attackers. If an attacker uses this feature with someone else's email
address, the attacker does not receive the email. But they could still try to guess the password reset link. That's why
this interval should be as short as possible. 5 minutes is often enough.

Ibexa DXP allows you to create and send invitations to create an account in the frontend as a customer, the Back Office
as an employee, or the Corporate Portal as a business partner. You can send invitations to individual users or in
bulk. These invitations time out according to the parameter
`ibexa.site_access.config.default.user_invitation.hash_expiration_time`. This can safely be longer than the "forgot password" time,
since attackers cannot generate invitations. Don't leave it longer than it needs to be, though.

These timeouts are both entered as [PHP DateInterval duration strings](https://www.php.net/manual/en/dateinterval.construct.php).
The forgot password feature defaults to "PT1H" (one hour).
The account invitation feature defaults to "P7D" (seven days).
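Review bot: the hunk header (`-91,18 +91,12`, 2 additions and 8 deletions) means that beyond the two-line rename of the reset-token parameter from `ibexa.site_access.config.default.security.token_interval_spec` to `ezsettings.default.security.token_interval_spec`, six more lines are dropped, and in this rendering (no `+`/`-` markers) those appear to be the account-invitation paragraph and part of the closing defaults. Please check that the surviving text is still self-consistent: "These timeouts are both entered as PHP DateInterval duration strings" and "The account invitation feature defaults to "P7D" (seven days)" only make sense if the invitation paragraph (and its `ibexa.site_access.config.default.user_invitation.hash_expiration_time` key) stays; if it is removed, reword to "This timeout is entered as a PHP DateInterval duration string" and drop the invitation default line. Since this checklist tells operators to shorten the reset-token interval from its "PT1H" default to about five minutes, it is also worth confirming the new key name is the exact one the configuration layer resolves, because a key that is not recognised leaves the token at the longer default lifetime the text warns against.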