'Account Blocked' Message Not Displayed Immediately After Threshold Is Reached

I have configured the Brute Force Protection feature with a login threshold of 5 attempts. However, I’ve noticed an issue with the user experience.

When a user reaches the login attempt limit, they receive an email to unblock their account, but the “account blocked” message does not appear on the login page immediately. Instead, the message only displays on the next login attempt.

This creates confusion, especially if the user enters the correct password on the next attempt, as the “account blocked” error still appears. This behavior is not ideal from a user experience perspective. Is there a way to improve this flow or display the blocked message immediately after the threshold is reached?

Hi @nirajan.kunwor,

Thanks for reaching out to the Auth0 Community!

Unfortunately, the brute force protection error message is only displayed after the user is blocked, which happens on the next login attempt, even after the user provides the correct password.

I understand this isn’t clear for your end-users and is not an ideal UX. However, there is an option to customize the error message through the Custom Text to change the default error message to include the email notification.

Please refer to our Customize Error Message Displayed to Users Who Are Blocked knowledge article on this.

Let me know if you have any additional questions.

Thanks,
Rueben