FusionAuth

    Does account lockout on failed authentication attempts only reset on password reset or after the action duration?

    • john.bantoto

      Our account settings look like:

      • Failed attempts: 10
      • Time period: 60s
      • Action duration: 15m

      Scenario:

      • Did 4 failed login attempts
      • 1 successful login attempt
      • Tried 5 failed login attempts -> Account is locked

      Can you clarify how the lockout works?

      • Is there a 60-second window or a persistent counter?
      • Does it not reset on successful login?
      • dan @john.bantoto

        Hi @john-bantoto,

        Welcome to FusionAuth!

        Are you using this lockout configuration?

        In that case, the answer to your question is:

        • it is a time-based solution. The time period is "The window of time in seconds for which the failed authentication attempts are counted. If no further failed attempts occur the failure count will be reset after this time period starting at the time of the last failed login."
        • it does not get reset on successful login. Once the action is applied, it will remain applied for its configured duration (15 min in your case).

        Hope this helps.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io
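
A small model of the rule quoted in the answer above, added here as an example; it is not part of the original thread and not FusionAuth's code. The class and function names, the lock-on-reaching-the-threshold behaviour, the strict `>` comparison against the time period, and clearing the count once the action is applied are assumptions; the timelines are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutModel:
    """Simplified model of the quoted rule; not FusionAuth's implementation."""
    failed_attempts: int = 10    # threshold from the question
    time_period: int = 60        # seconds, from the question
    action_duration: int = 900   # 15 minutes, from the question
    count: int = 0
    last_failure: Optional[int] = None
    locked_until: Optional[int] = None

    def is_locked(self, now: int) -> bool:
        return self.locked_until is not None and now < self.locked_until

    def attempt(self, now: int, password_ok: bool) -> str:
        if self.is_locked(now):
            return "locked"      # a correct password does not lift the action
        if password_ok:
            return "ok"          # success leaves the failure count untouched
        # The count resets only when time_period has passed since the last failure.
        if self.last_failure is not None and now - self.last_failure > self.time_period:
            self.count = 0
        self.count += 1
        self.last_failure = now
        if self.count >= self.failed_attempts:   # assumption: lock when threshold is reached
            self.locked_until = now + self.action_duration
            self.count = 0                       # assumption: count clears once the action applies
            return "locked"
        return "failed"

def replay(events, **settings):
    """events: list of (seconds, password_ok); returns the outcome of each attempt."""
    model = LockoutModel(**settings)
    return [model.attempt(t, ok) for t, ok in events]

# Constructed timeline A: 5 failures, 1 success, 5 more failures, all 5 s apart.
burst = [(t, False) for t in range(0, 25, 5)] + [(25, True)] \
      + [(t, False) for t in range(30, 55, 5)]
# Constructed timeline B: same, but 61 s pass between the two runs of failures.
spaced = [(t, False) for t in range(0, 25, 5)] + [(25, True)] \
       + [(t, False) for t in range(81, 106, 5)]

if __name__ == "__main__":
    print("burst :", replay(burst))
    print("spaced:", replay(spaced))
```

In timeline A the successful login in the middle does not stop the tenth failure from applying the action; in timeline B the 61-second gap since the last failure resets the count, so the same ten failures never lock the account.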
