Lock user after X attempts of login and unlock after a set Time

darshan.mehta · March 4, 2021, 2:54pm

Hello Auth0 Team,

I know this type of query has been asked in the past, however I just want to bring it up again and see if there are actual code snippets or feature added for this functionality:

Example:
After 5 failed login attempts, we set the user account to locked and either 2 things can happen:

After 24 hours the users account is set back to unlock and they can login
or
They can reset their password and unlock the account.

I haven’t seen this feature in the password policy settings but I know it may be possible via rules, but not sure how to capture failed login attempts (would this be a variable we set in the users meta data?)

Thank you!

konrad.sopala · March 5, 2021, 11:37am

Hey there!

As you said it’s not something that is officially documented. If you want to use rules for thatI would try digging in the context object inside rules. More about its properties here:

When it comes to locking user after 10 failed login attempts, the Brute Force protection is here for you:

aritchie · January 26, 2023, 5:46pm

Hi Konrad,

Has there been any change in the functionality Auth0 offers for this over the last 2 years?

What would be the best way to configure Auth0 so that blocked accounts automatically get unblocked after 24 hours?

Thank you.

Topic		Replies	Views
Why is user blocked Help	4	1903	December 22, 2022
Is it possible to block user for specific time after 5 unsuccessful login attempts Help classic-universal-login-experience , login-experience	2	447	January 31, 2024
Rule: detect failed login and count Help rules , login	6	4421	January 8, 2024
Can the 30 day account block due to brute force protection be extended? Help attack-protection , brute-force-protection	2	1447	April 28, 2023
Adjust block duration for Brute-Force Protection Help	4	2585	November 19, 2020

Lock user after X attempts of login and unlock after a set Time

Related Topics