Lock user after X attempts of login and unlock after a set Time

darshan.mehta · March 4, 2021, 2:54pm

Hello Auth0 Team,

I know this type of query has been asked in the past, however I just want to bring it up again and see if there are actual code snippets or feature added for this functionality:

Example:
After 5 failed login attempts, we set the user account to locked and either 2 things can happen:

After 24 hours the users account is set back to unlock and they can login
or
They can reset their password and unlock the account.

I haven’t seen this feature in the password policy settings but I know it may be possible via rules, but not sure how to capture failed login attempts (would this be a variable we set in the users meta data?)

Thank you!

konrad.sopala · March 5, 2021, 11:37am

Hey there!

As you said it’s not something that is officially documented. If you want to use rules for thatI would try digging in the context object inside rules. More about its properties here:

When it comes to locking user after 10 failed login attempts, the Brute Force protection is here for you:

aritchie · January 26, 2023, 5:46pm

Hi Konrad,

Has there been any change in the functionality Auth0 offers for this over the last 2 years?

What would be the best way to configure Auth0 so that blocked accounts automatically get unblocked after 24 hours?

Thank you.

Topic		Replies	Views
Unblock user after consecutive failed login Get Help	2	4361	June 17, 2020
Why is user blocked Get Help	4	1960	December 22, 2022
Block user after 3 attempts of login Get Help login	7	7781	May 22, 2019
Detect invalid login attempts and lock user in a rule Get Help	7	10253	September 3, 2019
Is it possible to block user for specific time after 5 unsuccessful login attempts Get Help classic-universal-login-experience , login-experience	2	700	January 31, 2024

Lock user after X attempts of login and unlock after a set Time

Related topics