Thread: Login Lockout Issues Version 8?

One of our clients sent the following to us this morning:

"Occasionally I have users who are not able to enter the admin for our ASPDNSF due to exceeding the
number of login attempts (presumably because of wrong password). At first I dismissed it because we
all know how many problems users have with usernames/passwords, but there is something curious
about this scenario. When it says these users are locked out, their account does not indicate it
when I log in to admin, pull up their account, and observe the locked out checkbox. As there is no
way to unlock and non-locked out account, I usually Force Password to a new password, and then log
them in and have them change their password. This process is a nuisance and happens every few
weeks. The last known incident was this morning around 10am.:"

Has anyone else experienced this type of issue? The site is running version 8.0.1.2 , The site gets about ~150 orders per day and has caching enabled.

Thanks,

John

Are you allowing customers to log into the admin panel? Just curious.

By default, there are only three allowed invalid attempts before the software will block the account, this is handled by appconfig: MaxBadLogins (changing this would be against PC-DSS compliance). But, will be unblocked automatically also after 30mins (BadLoginLockTimeOut).

There is no option to unblock it via the admin panel, you'll need to manually do it via sql management studio by following this KB (to unblock immediately).