Does password reset clear user blocks?

kmaloney · December 12, 2024, 7:56pm

I’m working on a custom solution to identify and clear blocked user accounts using the Auth0 SDK and would like to confirm some behavior I am seeing. It looks like when a user’s password is reset, that seems to also clear any user blocks that have been created by a “limit_wc” condition.

That’s what empirical evidence shows, but I wonder if anyone here can confirm that it’s correct.

sumansaurav · December 12, 2024, 9:30pm

In Auth0, when brute force protection is enabled:

It tracks failed login attempts using this “limit_wc” condition
When users exceed the maximum number of failed attempts, their account gets blocked
By default, the shield is triggered after 10 failed login attempts
The default block duration is 600 seconds (10 minutes)

Password reset do appears to clear block created by (“limit_wc”) condition in Auth0.

However, if blocks created due to Suspicious IP or admin applied blocks would remain in place even after a password reset.

rueben.tiow · December 12, 2024, 9:35pm

Hi @kmaloney,

Yes, performing a password reset will remove the block that was enforced from brute force protection.

Our When Do the Attempts for Brute Force Protection Reset knowledge article mentions this.

Thanks,
Rueben

system · December 26, 2024, 9:35pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Getting user Unblocked in Auth0 Help auth0 , password-reset , blocked-account	4	2519	August 6, 2024
Why is user blocked Help	4	1923	December 22, 2022
Adjust block duration for Brute-Force Protection Help	4	2637	November 19, 2020
User Account is Not Blocked When 'Block compromised user accounts' Feature is Enabled Knowledge Articles	1	550	November 3, 2023
Unblock user after consecutive failed login Help	2	4312	June 17, 2020

Does password reset clear user blocks?

Related topics