Skip to main content

Login lockout

Anti-Abuse Options

Hackers may use automated password guessing software to try to break into an agent or user account on your helpdesk. This type of software tries to log into an account with a long list of common passwords in rapid succession.

To prevent attacks like this, the login lockout feature locks an account after a number of failed login attempts within a short period of time.


The login lockout setting is separate from the setting to display a CAPTCHA for login attempts under Portal rate limiting.

By default, if there are 20 failed login attempts within 15 minutes, the account will be locked for 15 minutes, preventing further guessing.

Go to Admin> Setup > Rate Limiting to change the login lockout policy. You can set separate policies for agents and users. You can disable login lockout altogether, but we do not recommend it for security reasons.

Authors list

First published: 24/03/2017

Last updated: Oct 27, 2017 by Paul Davies