Failed Password Attempts and Account Lock Out - Appsembler

Failed Password Attempts and Account Lock Out

If a user forgets their Open edX password and repeatedly fails to log in, they will be locked out of their account.
System Defaults
  • The default for maximum failed password attempts is 6.  
  • The default duration to wait once you’ve been locked out is 30 minutes. 
  • Attempts to log in while the lockout is active have no effect on the login count or lockout duration, and display a lockout message to the user.
  • Any incorrect attempts after the timeout expires will add another 30 minutes of lockout.
This duration is purposely not displayed to the user, because a hacker using brute-force password attempts could then write a script to wait 15 minutes and then try another series of brute-force attacks.
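The rules above can be checked against a small model. This is an added example, not Open edX or Appsembler code: the names `LoginState`, `attempt_login` and `replay` are made up for the illustration, the timeline is constructed, and clearing the counter on a successful login is an assumption the page does not state.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_FAILED_ATTEMPTS = 6                 # default from the page
LOCKOUT_PERIOD = timedelta(minutes=30)  # default from the page


@dataclass
class LoginState:
    failures: int = 0
    locked_until: Optional[datetime] = None


def attempt_login(state: LoginState, password_ok: bool, now: datetime) -> str:
    """Apply one login attempt and return 'ok', 'invalid' or 'locked'."""
    # While the lockout is active nothing changes: the counter and the
    # expiry stay as they are, even if the password is correct.
    if state.locked_until is not None and now < state.locked_until:
        return "locked"
    if password_ok:
        # Assumption (not stated on the page): success clears the counter.
        state.failures = 0
        state.locked_until = None
        return "ok"
    state.failures += 1
    # The counter is not cleared when a lockout expires, so the first wrong
    # password afterwards is already at the limit and adds another 30 minutes.
    if state.failures >= MAX_FAILED_ATTEMPTS:
        state.locked_until = now + LOCKOUT_PERIOD
        return "locked"
    return "invalid"


def replay(events, start: datetime):
    """Run (minute_offset, password_ok) events on a fresh account."""
    state = LoginState()
    return [attempt_login(state, ok, start + timedelta(minutes=m))
            for m, ok in events]


if __name__ == "__main__":
    # Constructed timeline: six wrong passwords, attempts during the lockout,
    # one wrong password after it expires, then a correct one after the
    # second lockout has run out.
    timeline = [(0, False)] * 5 + [(1, False), (10, True), (20, False),
                                   (32, False), (40, True), (63, True)]
    results = replay(timeline, datetime(2024, 1, 1, 9, 0))
    for (minute, ok), result in zip(timeline, results):
        print(f"t+{minute:>2} min  password_ok={ok!s:<5}  ->  {result}")
```
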
Support Options
  1. Verify the user's email address and the URL they are trying to access.
  2. Tell them to wait 30 minutes and to try again IF they can find or remember their password.
  3. If not, tell them to use the “Forgot password?” link on the login page, after the 30-minute wait.