Brute-force Protection - not working as described in documentation

Feature: Brute-force protection, fix user notification

Description: I set the Brute-force Protection settings to “3 maximum attempts”.
After 3 attempts, the account is blocked as expected, but the email is not sent to the user and the warning is not displayed. After the 4th attempt, the email is sent by Auth0 and the warning is displayed on the login screen.
This is not logical at all, and this is an issue for me because I need to warn the user after 3 failed attempts.

In the documentation, Auth0 indicates: “Send an email to user when their account has been blocked”. But it’s not true: they will receive this email only if they try one more time.

Use-case: The user is not warned when the account is blocked; this is a big usability issue in my opinion.

Hi @shylae,

Thanks for the feedback!