Currently, to protect users from the risk of Account Takeover (ATO) through brute force attacks, you can enable the account lockout feature. This feature will automatically display a CAPTCHA after several failed login attempts, requiring the user to verify that the login attempt is being made by a human. To enable it, follow these steps.
A. Setting Up Account Lockout
Go to the Mekari Access menu.
Click “Set up” in the Mekari Lockout section.
A pop-up will appear as follows. In the Failed sign-in attempts before lockout section, select the number of failed attempts after which the account will be locked.
In the Reset failed attempts counter after section, specify the number of minutes after which the failed login attempt counter will be reset to 0 (zero).
Next, in the Unlocking user account section, there are three options you can choose from. First, Allow sign-in after lockout duration, where you can set the duration (minutes) the account will be locked before it automatically unlocks.
For the Require password reset option, users need to reset their password before logging back into the account.
If you enable password reset, the display will look like this.
Lastly, there is Require email OTP verification, where users need to verify an OTP via email to access their account.
If you enable OTP verification, the display will look like this.
Once the settings are complete, click “Save”.
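To see how the three values from the pop-up interact, the following added example (not Mekari's code) replays constructed sign-in timelines against a small model of the policy. The class and field names are hypothetical, only the Allow sign-in after lockout duration option is modelled, and it assumes the counter reset is measured from the most recent failed attempt, which this page does not specify.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:  # hypothetical names for the three form fields
    max_failed_attempts: int    # Failed sign-in attempts before lockout
    reset_counter_minutes: int  # Reset failed attempts counter after
    lockout_minutes: int        # Allow sign-in after lockout duration

class Account:
    def __init__(self, policy):
        self.policy = policy
        self.failed = 0
        self.last_failure = None
        self.locked_until = None

    def attempt(self, minute, password_ok):
        """Return the outcome of one sign-in: 'ok', 'failed' or 'locked'."""
        p = self.policy
        if self.locked_until is not None:
            if minute < self.locked_until:
                return "locked"  # rejected even if the password is correct
            self.locked_until, self.failed = None, 0  # lockout expired
        # Assumption: the reset window counts from the last failed attempt.
        if (self.last_failure is not None
                and minute - self.last_failure >= p.reset_counter_minutes):
            self.failed = 0
        if password_ok:
            self.failed = 0
            return "ok"
        self.failed += 1
        self.last_failure = minute
        if self.failed >= p.max_failed_attempts:
            self.locked_until = minute + p.lockout_minutes
            return "locked"  # this failure triggered the lockout
        return "failed"

def replay(policy, events):
    """events: list of (minute, password_ok) tuples in time order."""
    acct = Account(policy)
    return [acct.attempt(minute, ok) for minute, ok in events]

# Constructed sample data: 3 attempts, 15-minute reset, 30-minute lockout.
POLICY = LockoutPolicy(max_failed_attempts=3, reset_counter_minutes=15, lockout_minutes=30)
BURST = [(0, False), (1, False), (2, False), (5, True), (33, True)]
SPACED = [(0, False), (10, False), (30, False), (31, False), (32, False)]

if __name__ == "__main__":
    print(replay(POLICY, BURST))
    print(replay(POLICY, SPACED))
```

In the second timeline the 20-minute gap clears the counter, so the lockout only triggers after three further failures; a longer reset window makes the counter harder to clear, at the cost of more lockouts for users who mistype occasionally.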
B. Viewing Login Attempts
After account lockout has been set up, you can view the login attempt history of users/employees as follows.
Go to the Security menu.
Next, click the “Company activity log” submenu.
The activity history will be displayed as follows.
In the Detail column, you can see accounts that were locked due to failed login attempts.
That is the explanation of how to enable account lockout in Mekari.