We have now added an additional layer of security to our login process, one that is highly important in being Cyber Essentials compliant.
Here is what you should know when a user is failing to log in:
- If a user has 10 failed attempts to log into their account (i.e. by typing in their password incorrectly 10 times in a row), their account gets locked.
- The user will get a flash message after the 9th try saying that they've got one try left before their account gets locked.
- If the account gets locked, the user has 2 options:
- They will receive an email with a link to recover their account right away (no manual implication from an admin or community manager is required)
- They can wait for one hour and their account will be reactivated automatically after that period.
If you have any questions, please feel free to reach out at email@example.com