Does password reset clear user blocks?

kmaloney · December 12, 2024, 7:56pm

I’m working on a custom solution to identify and clear blocked user accounts using the Auth0 SDK and would like to confirm some behavior I am seeing. It looks like when a user’s password is reset, that seems to also clear any user blocks that have been created by a “limit_wc” condition.

That’s what empirical evidence shows, but I wonder if anyone here can confirm that it’s correct.

sumansaurav · December 12, 2024, 9:30pm

In Auth0, when brute force protection is enabled:

It tracks failed login attempts using this “limit_wc” condition
When users exceed the maximum number of failed attempts, their account gets blocked
By default, the shield is triggered after 10 failed login attempts
The default block duration is 600 seconds (10 minutes)

Password reset do appears to clear block created by (“limit_wc”) condition in Auth0.

However, if blocks created due to Suspicious IP or admin applied blocks would remain in place even after a password reset.

rueben.tiow · December 12, 2024, 9:35pm

Hi @kmaloney,

Yes, performing a password reset will remove the block that was enforced from brute force protection.

Our When Do the Attempts for Brute Force Protection Reset knowledge article mentions this.

Thanks,
Rueben

Topic		Replies	Views
Getting user Unblocked in Auth0 Get Help auth0 , password-reset , blocked-account	4	3073	August 6, 2024
Disable PW reset option for blocked users Get Help user-management , user-password-management	2	109	November 19, 2025
Unblock user after consecutive failed login Get Help	2	4432	June 17, 2020
Disable Password reset for blocked users using Universal Login Get Help login-experience , reset-password-prompt-new-experience	2	375	April 19, 2024
Prevent password reset for blocked users Get Help auth0	5	4481	May 21, 2020

Does password reset clear user blocks?

Related topics