Oriphix 61 Posted September 23, 2016 Report Share Posted September 23, 2016 (edited) Currently the forum account lock out is set to lock out the account after 2 failure attempts for 15 minutes. This triggers after the second attempt is a failure. I love the security side of it that you are preventing login for 15 minutes. This morning I tried to login to the forum with my work mobile. This is so that I have it logged on all my devices but I didn't remember the password  so my account was locked for 15 minutes after 2 tries. I didn't even know it would lock as there was nothing mentioned about that. Another good thing is after the account is locked it doesn't matter if you entered the correct password now your account will only unlock after the lock out period. Suggestion: Can this be increased to 5 attempts with 30 minutes lock out? (People that have lots of different passwords two attempts is way to less and waiting 15 minutes for two attempts is a bit to high) Can the message be modified to say how many attempts are remaining before the account is locked?  Edited September 23, 2016 by Kirito Quote Link to post Share on other sites
Oriphix 61 Posted September 23, 2016 Author Report Share Posted September 23, 2016 Another cool security feature would be for the system to send you a email on the account lock out. That way you can know if someone is trying to hack your account or it was just you forgetting your password  Quote Link to post Share on other sites
Jorn 120 Posted September 23, 2016 Report Share Posted September 23, 2016 Actually, it's 3 attempts / 15 minutes. What you suggests is possible, but not by default, i will have to do some coding :). I am adding it to my TODO list. Quote Link to post Share on other sites
Oriphix 61 Posted September 23, 2016 Author Report Share Posted September 23, 2016 16 minutes ago, Jorn said: Actually, it's 3 attempts / 15 minutes. What you suggests is possible, but not by default, i will have to do some coding :). I am adding it to my TODO list. Nope its 2 attempts, try it  . The above screenshots is from my test again just to make this post.  Quote Link to post Share on other sites
Jorn 120 Posted September 23, 2016 Report Share Posted September 23, 2016 Ok should be fixed now - 30 min / 5 attempts Quote Link to post Share on other sites
Emca 306 Posted September 23, 2016 Report Share Posted September 23, 2016 @Jorn, is that limit per IP address? If not, anyone can prevent you from logging in (if he's enough determined) Quote Link to post Share on other sites
Jorn 120 Posted September 23, 2016 Report Share Posted September 23, 2016 No, it's not bound to IP address. EDIT: to correct my statement here: it's not only bound to IP address Quote Link to post Share on other sites
Oriphix 61 Posted September 23, 2016 Author Report Share Posted September 23, 2016 Awesome  Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.