Smart lockout — what it is and how it works

Modified on Thu, 22 May at 4:39 PM


What is Smart Lockout?

It's a security feature that protects user accounts from unauthorized access by automatically detecting and blocking suspicious login attempts—such as brute-force attacks or credential stuffing.


It works by analysing login behaviour and patterns in real time, allowing it to intelligently tell the difference between legitimate users and potential attackers. This helps ensure genuine users can continue accessing their accounts, while threats are blocked automatically.

 

How It Works (Default)

  • Lockout is triggered after 3 failed login attempts.
  • The lockout period is 60 seconds for each of the first 10 lockouts. The next 10 lockout periods are slightly longer, and the duration increases again after every 10 lockout periods, with the longest eventually being 5 hours.
  • The lockout counter resets to zero after a successful login when the account isn’t locked.  


Note: Similar passwords (e.g., Password123! and Password124!) are treated as a single failed attempt to minimize false lockouts.
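
A small model of the default behaviour described above, added here as an example (it is not the product's own code). The growth factor between tiers, the reset of both counters on success, and ignoring attempts made while locked are assumptions, since the page does not specify them; the similar-password rule is not modelled because the page does not say how similarity is measured. All names are hypothetical.

```python
from dataclasses import dataclass

THRESHOLD = 3            # page: lockout after 3 failed attempts
BASE_SECONDS = 60        # page: 60 s for each of the first 10 lockouts
MAX_SECONDS = 5 * 3600   # page: longest lockout is 5 hours
TIER_SIZE = 10           # page: duration grows after every 10 lockouts
GROWTH = 1.5             # ASSUMPTION: page only says "slightly longer"


def lockout_seconds(lockout_number: int) -> int:
    """Duration of the Nth lockout (1-based) under the assumed growth curve."""
    tier = (lockout_number - 1) // TIER_SIZE
    return min(int(BASE_SECONDS * GROWTH ** tier), MAX_SECONDS)


@dataclass
class Account:
    password: str            # plain text only because this is a model
    failures: int = 0        # consecutive failed attempts
    lockouts: int = 0        # lockouts since the last successful login
    locked_until: float = 0.0

    def login(self, attempt: str, now: float) -> str:
        if now < self.locked_until:
            # Page: no access during lockout, even with the correct password.
            # ASSUMPTION: attempts made while locked are not counted.
            return "locked"
        if attempt == self.password:
            # Page: counter resets after a successful login while not locked.
            # ASSUMPTION: both the failure and lockout counters reset.
            self.failures = self.lockouts = 0
            return "ok"
        self.failures += 1
        if self.failures >= THRESHOLD:
            self.failures = 0
            self.lockouts += 1
            self.locked_until = now + lockout_seconds(self.lockouts)
            return "locked"
        return "invalid"


def replay(events):
    """events: list of (time_seconds, attempted_password) -> list of outcomes."""
    acct = Account(password="correct-horse")  # constructed sample account
    return [acct.login(pw, t) for t, pw in events]
```

Replaying a user's attempt timeline through replay() shows why retrying during a lockout does not help and why repeated lockouts lengthen the wait.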

What Users Will Experience

Initial Attempts:

  • On the first and second failed attempts, the user is simply notified of invalid credentials.

Third Failed Attempt:

  • Smart Lockout triggers after the 3rd consecutive failure.
  • The user is temporarily locked out for 60 seconds and receives an appropriate error message. ⚠️

During Lockout:

  • The account cannot be accessed, even with the correct password.
  • Lockout expires after the set duration unless manually reset. See FAQ below for who can action this.


Guidance for Supporting Users

  • Reassure: This is a protective measure, not an error.
  • Advise: Users should wait 1 minute before retrying, for up to 10 lockout periods.
    If the password is forgotten:
    • Email Users: Direct them to use the password reset on the login page.
    • No-email Users: Guide them to request a password reset from their Service Owner, or validate and reset manually if identity is confirmed.
  • Avoid: Suggesting repeated attempts, as this prolongs the lockout duration.


Escalation to Technical Support Required If

  • A legitimate user remains locked out despite entering the correct credentials, and resetting the password has not resolved the issue. 
  • There are clear signs of malicious access attempts.


FAQ

 

1. Can the lockout duration be adjusted?

Yes, contact Atlassupport@citation.co.uk for support.

2. Can users unlock their accounts immediately?

No, users must wait until the lockout duration expires automatically unless there is manual intervention.

3. Can support manually unlock user accounts?

Yes. However, this should be reserved for cases where users face repeated lockouts despite correct login attempts. Contact Atlassupport@citation.co.uk for support.

4. What if a user keeps getting locked out even with the correct password?

Escalate such cases to Technical Support by submitting a ticket here.

5. How does Smart Lockout identify attackers versus legitimate users?

Smart Lockout evaluates IP reputation, login behaviour, and password entry patterns to differentiate genuine login attempts from malicious activities.

6. Can I disable Smart Lockout?

No, it cannot be disabled.

7. What happens if users get locked out of their account outside of support business hours?

Users must wait until the lockout duration expires automatically and then try logging in again, or wait until we can support them during business hours.


