Designed to reduce brute force login attacks and to protect our customers, TUNE employs an Account Lockout Function for all user accounts. If an incorrect password is entered for the same user account more than three times in succession, the user will be locked out for a set period or until the password is reset.
*A brute force login is a process of attempting to gain entry to an account by repeatedly using various passwords and/or username combinations. These attempts can often happen very quickly (many attempts per second), which can render an account unusable and prevent customer access.
Lockout Triggers
A user account will become locked under the following scenarios:
The user has 3 failed login attempts |
The user is locked out for 1 minute |
The user has 5 failed login attempts |
The user is locked out for 5 minutes |
The user has 7 failed login attempts |
The user is locked out for 60 minutes |
The user has 10 failed login attempts |
The user is locked out permanently |
*Lockouts are applied per user account. If a user has reached enough failed login attempts to trigger a lockout only their account will be affected. Other accounts will still be able to log in and will not need to be reset.
Users with 7 or fewer failed attempts will see the following error:
Users with 10 or more failed attempts will see the following error:
Resetting Lockouts
There are 3 methods to clear an account when a lockout is triggered.
-
Wait for the lockout period to expire.
-
The user resets their password.
-
An admin user for the account logs in and clears the lockout for a user via the Employee Details view.
If you are unable to clear a lockout, please contact support@tune.com.