Account Lockout Policy
To strengthen login security, Contentstack enforces an account lockout policy that prevents unauthorized access through repeated failed login attempts. This mechanism safeguards user accounts from brute-force attacks or credential guessing.
How Account Lockout Works
When a user enters incorrect login credentials consecutively, the account becomes temporarily locked for increasing durations based on the number of failed attempts. If unsuccessful attempts continue, the account gets locked indefinitely.
During the lockout period, login access is restricted. However, authorized users can still use the Forgot Password? option to reset their password and regain access.
| Failed Login Attempts | Lockout Duration |
| 1 to 4 attempts | 0 mins |
| 5th attempt | 5 mins |
| 6th attempt | 10 mins |
| 7th attempt | 15 mins |
| 8th attempt | 20 mins |
| 9th attempt | 25 mins |
| 10th attempt | Locked indefinitely |
Note: After the 10th failed attempt, the account remains locked until manually reviewed. Contact support for assistance.
Best Practices
To avoid account lockouts, follow these best practices to ensure secure and uninterrupted access to your Contentstack account:
- Ensure login credentials are entered correctly
- Use a secure and updated password manager
- Reset your password promptly if forgotten
For additional security, enable Multi-Factor Authentication (MFA) to protect your account with an extra layer of verification.
More articles in "Authentication and Security"