Lock Account After 4 Failed Tries. Good UX or Bad UX?(whoisjuan.substack.com)

1 year ago from Juan J. Ramirez, Another Designer

  • Jon DarkeJon Darke, 1 year ago

    A lot of these decisions come down to how much friction can you afford introduce in order to enforce good security, relative to what you product is and how much value it delivers.

    The rest of the UX outside of the locking itself comes into play, such as how do you unlock the account once locked, do you offer 2fa, what other details about a person to do you have to authenticate if they loose access to their registered email account, how much personalised support can the business afford to deliver, etc...

    Its never a 1-size-fits-all answer and depends on the service, what it offers and what it's user expect.

    2 points
    • Jordan RomanoffJordan Romanoff, 1 year ago

      The rest of the UX outside of the locking itself comes into play, such as how do you unlock the account once locked

      This is exactly my thought. I've also been confronted with systems that lock but don't tell you when. There should always be a warning that the account is about to lock which could probably be coupled with a prompt to reset your password.

      0 points
      • Jon DarkeJon Darke, 1 year ago

        I had this happen again today actually. I wanted to change my password on ring.com, as somehow the one in my password manager was out of sync. I tried 2 or 3 times first using the incorrect password manager stored credentials, then did a password reset via email, after which I was still locked out. Surely once a password reset has been confirmed the lock should be lifted automatically? Instead I need to wait an undefined period of time before trying again.

        1 point