Bad Interface: Warn user after 4 login attempts they will be locked out
I had the bad experience to attempt to login 5 times and get locked out for 30 minutes. If I had gotten a warning after the 4th attempt I could have chosen to use password reset instead. Also, locking me out after 5 attempts provides no additional security. A brute force password crack will need thousands of attempts. Make the lockout after 10 or 50 attempts. This bad experience matters. I had a meeting in less than 30 minutes and had the whole team move to Facebook Workplace instead. If we like it we may not come back. You can lose customers over this. 1) Provide warning before lockout 2) Up the number of password attempts
Show less