Why is user blocked

Hey, I have enabled brute force protection, and set the threshold as 5 attempts.
A user complained about her account getting blocked after a single failed attempt.
I checked the logs, and confirmed there is only a single failed attempt.
Why is this happening?

Hi @shivam.jain,

Thank you for posting this topic on the Auth0 community!

I tested the brute force protection with the threshold set as 5 attempts and could not repeat this issue. I received the “Your Account has been blocked after multiple consecutive login attempts” error after 5 consecutive failed attempts.

Is that the error the user received? And if you have unblocked this user, does she still face this issue with a single failed attempt?

If you can repeat this issue with a testing user, could you please DM me the email of the user and the name of the tenant for further investigation? Thanks!

2 Likes

Hi @lihua.zhang, I had unblocked the user using the management API, and he was no longer facing the issue. I also found 4 incorrect login attempts by the user 8 days ago.
I was under the impression that the incorrect attempt count resets after 24 hours. Is that not the case?

The incorrect attempt count reset will be triggered only after the user has successfully logged in. Since the user has 4 incorrect login attempts earlier, that explains why she got locked after one additional such attempt.

2 Likes
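The behaviour described in the last reply, replayed over a login history as an added example (not part of the original thread and not Auth0 code): it contrasts the reset-on-success counter with the 24-hour reset the asker assumed. The event tuples, user names, and outcome labels are constructed for illustration and do not reflect the tenant log format.

```python
from datetime import datetime, timedelta

THRESHOLD = 5  # threshold configured in the thread

# Constructed sample events: (ISO timestamp, user, outcome). Not real tenant logs.
EVENTS = [
    ("2024-03-01T08:00:00", "alice", "success"),
    ("2024-03-01T09:00:00", "alice", "failure"),
    ("2024-03-01T09:01:00", "alice", "failure"),
    ("2024-03-01T09:02:00", "alice", "failure"),
    ("2024-03-01T09:03:00", "alice", "failure"),
    ("2024-03-09T10:00:00", "alice", "failure"),  # the "single" failed attempt
    ("2024-03-01T09:00:00", "bob", "failure"),
    ("2024-03-01T09:01:00", "bob", "failure"),
    ("2024-03-01T09:02:00", "bob", "failure"),
    ("2024-03-01T09:03:00", "bob", "failure"),
    ("2024-03-02T12:00:00", "bob", "success"),    # success clears bob's streak
    ("2024-03-09T10:00:00", "bob", "failure"),
]

def _history(events, user):
    """Chronological (datetime, outcome) pairs for one user."""
    return [(datetime.fromisoformat(ts), outcome)
            for ts, who, outcome in sorted(events) if who == user]

def explain_block(events, user, threshold=THRESHOLD):
    """Reset-on-success model: return the failures behind a block, or None."""
    streak = []  # consecutive failures since the last successful login
    for when, outcome in _history(events, user):
        if outcome == "success":
            streak = []
        else:
            streak.append(when)
            if len(streak) >= threshold:
                return {"blocked_at": when, "failures": streak,
                        "span_days": (when - streak[0]).days}
    return None

def blocked_under_time_window(events, user, threshold=THRESHOLD, hours=24):
    """The asker's assumed model: only failures in the trailing window count."""
    failures = [w for w, o in _history(events, user) if o == "failure"]
    window = timedelta(hours=hours)
    return any(sum(1 for f in failures if timedelta(0) <= w - f <= window) >= threshold
               for w in failures)

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, explain_block(EVENTS, user), blocked_under_time_window(EVENTS, user))
```

When triaging a "blocked after one attempt" report, the `span_days` value shows how far back the contributing failures reach, which is why a log search limited to the day of the block shows only one failure.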