In Auth0, when brute force protection is enabled:
- It tracks failed login attempts using the “limit_wc” condition
- When users exceed the maximum number of failed attempts, their account gets blocked
- By default, the shield is triggered after 10 failed login attempts
- The default block duration is 600 seconds (10 minutes)
A password reset does appear to clear a block created by the “limit_wc” condition in Auth0.
However, blocks created due to Suspicious IP, or admin-applied blocks, would remain in place even after a password reset.
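
An added example (not from the original text and not Auth0's own code): a triage pass over exported tenant log events that applies the rules above to report which `limit_wc` blocks are still in force. It assumes the log fields `type`, `date`, `user_name` and `ip`, that `scp` is the log code for a successful password change, and the default 600-second duration; the sample events are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

BLOCK_SECONDS = 600  # default block duration stated above

# Constructed sample events (not real tenant data).
SAMPLE_LOGS = json.loads("""[
 {"type": "limit_wc", "date": "2024-05-01T09:40:00Z", "user_name": "carol@example.com", "ip": "203.0.113.7"},
 {"type": "limit_wc", "date": "2024-05-01T10:00:00Z", "user_name": "alice@example.com", "ip": "203.0.113.7"},
 {"type": "limit_wc", "date": "2024-05-01T10:02:00Z", "user_name": "bob@example.com", "ip": "203.0.113.9"},
 {"type": "scp", "date": "2024-05-01T10:03:00Z", "user_name": "alice@example.com", "ip": "198.51.100.4"}
]""")

def parse_ts(value):
    # Accept the trailing "Z" on Python versions older than 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def block_status(events, now, block_seconds=BLOCK_SECONDS):
    """Map (user, ip) -> 'active' | 'expired' | 'cleared_by_password_reset'.

    Only limit_wc blocks are modelled; Suspicious IP and admin-applied
    blocks are not, since a password reset does not lift them.
    """
    blocks = {}
    for ev in sorted(events, key=lambda e: parse_ts(e["date"])):
        when = parse_ts(ev["date"])
        if ev["type"] == "limit_wc":
            # A new block replaces any earlier state for the same pair.
            blocks[(ev["user_name"], ev["ip"])] = {"start": when, "reset": None}
        elif ev["type"] == "scp":  # assumed code for a successful password change
            for (user, _ip), blk in blocks.items():
                if user == ev["user_name"] and blk["reset"] is None:
                    blk["reset"] = when
    result = {}
    for key, blk in blocks.items():
        expires = blk["start"] + timedelta(seconds=block_seconds)
        if blk["reset"] is not None and blk["reset"] < expires:
            result[key] = "cleared_by_password_reset"
        elif now >= expires:
            result[key] = "expired"
        else:
            result[key] = "active"
    return result

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 5, tzinfo=timezone.utc)
    for (user, ip), state in block_status(SAMPLE_LOGS, now).items():
        print(f"{user:20} {ip:14} {state}")
```

If the tenant's block duration has been changed from the default, pass it as `block_seconds`.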