Skip to main content

 Glossary

A-Z glossary of PageSeeder concepts

Account lockout

A user account is locked automatically by PageSeeder after multiple consecutive failed sign-in attempts. While their account is locked, users cannot sign in. They must wait for the account lockout time to expire or contact an administrator to unlock their account.

Configuration

For security reasons, PageSeeder doesn’t disclose how many attempts cause the lockout nor how long the account is locked for. However, you can configure the account lockout behavior using the following global properties:

PropertyEffect
minAccount​LockoutThe minimum number of minutes an account can be locked for
maxAccount​LockoutThe maximum number of minutes an account can be locked for
minBadLoginsThe minimum number of incorrect sign-in attempts before an account is locked
maxBadLoginsThe maximum number of incorrect sign-in attempts before an account is locked

User experience

The sign-in always warns the user after a couple of failed sign-in attempts, irrespective of the configuration. It recommends that users use the reset password flow to avoid having their account locked.

Sign-in page – Account lockout warning

When the account is locked, there is a warning that the account is locked.

Sign-in page – Locked account

Unlocking an account

Administrators can unlock an account by going to the user Account profile page in the system administration and clicking the Unlock button.

Account profile page – Locked account

Or using the API with the /members/{member}/unlock service.

Created on , last edited on