We have now added an additional layer of security to our login process, one that is highly important in being Cyber Essentials compliant.
Here is what you should know when a user is failing to log in:
- If a user has 10 failed attempts to log into their account (i.e. by typing in their password incorrectly 10 times in a row), their account gets locked.
- The user will get a flash message after the 9th try saying that they've got one try left before their account gets locked.
- If the account gets locked, the user has 2 options:
- They will receive an email with a link to recover their account right away (no manual implication from an admin or community manager is required)
- They can wait for one hour and their account will be reactivated automatically after that period.
Please watch the short demo video below to find out more.
If you have any questions, please feel free to reach out at firstname.lastname@example.org