Can the 30-day account block due to brute force protection be extended?

Hi there,

I found in the docs that a blocked user can get automatically unblocked after 30 days since their last unsuccessful login. Is there any way to turn this feature off, or extend the 30-day window? Ideally we would like users to only be able to be unblocked via the manual action of an admin.

Failing that, is there any way you would suggest to handle extending a user’s blocked period until admin intervention?

Many thanks,
Jo

1 Like

Hey there!

Let’s address your question in a few points.

  1. You can turn this feature off by going to your Auth0 Dashboard → Security → Attack Protection → Brute-force Protection, and there will be a toggle on the right-hand side where you can enable/disable that.

  2. Unfortunately, as of now the period cannot be extended, but you can advocate for that using our Feedback category here: Feedback - Auth0 Community

  3. Currently it is not doable to achieve precisely what you want because of the fact that this part of our stack is not highly customisable because of security reasons, and kind of the fact that, in this form as it stands right now, it’s an ultimate flow for most of the cases that our users have.

2 Likes
