cs-icon.svg

Account Lockout Policy

To strengthen login security, Contentstack enforces an account lockout policy that prevents unauthorized access through repeated failed login attempts. This mechanism safeguards user accounts from brute-force attacks or credential guessing.

How Account Lockout Works

When a user enters incorrect login credentials consecutively, the account becomes temporarily locked for increasing durations based on the number of failed attempts. If unsuccessful attempts continue, the account gets locked indefinitely.

During the lockout period, login access is restricted. However, authorized users can still use the Forgot Password? option to reset their password and regain access.

Failed Login AttemptsLockout Duration
1 to 4 attempts0 mins
5th attempt5 mins
6th attempt10 mins
7th attempt15 mins
8th attempt20 mins
9th attempt25 mins
10th attemptLocked indefinitely

Note: After the 10th failed attempt, the account remains locked until manually reviewed. Contact support for assistance.

Best Practices

To avoid account lockouts, follow these best practices to ensure secure and uninterrupted access to your Contentstack account:

  • Ensure login credentials are entered correctly
  • Use a secure and updated password manager
  • Reset your password promptly if forgotten

For additional security, enable Multi-Factor Authentication (MFA) to protect your account with an extra layer of verification.

Was this article helpful?

More articles in "Authentication and Security"

Single Sign-On (SSO)

Learn more

Multi-Factor Authentication

Learn more
^