Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

Lock portal accounts after too many failed login attempts

Prevent brute-force attacks by temporarily locking portal accounts after multiple failed login attempts. MSR-1126 | October 2025

Who is this feature relevant for?

All customers using our portals with password authentication via MSR.

The benefits at a glance

  • Prevents brute-force attacks by temporarily locking accounts.

  • Number of allowed failed attempts and lock duration are configurable.

  • Lock is lifted after a successful login or password reset.

  • Feature is automatically enabled.

Feature explanation

As soon as a user logs in incorrectly multiple times, the attempts are counted and compared with the configured limit in Custom Settings → Portal Settings. After the maximum number of attempts is reached, the account is temporarily blocked for the configured duration (in seconds).

  • Each failed login attempt is logged with date and time on the person record in MSR.

  • During the blocking period, login is denied with a clear error message.

  • After the lock period ends, one more attempt can be made.

  • A successful login or password reset resets the counter.

  • Client and candidate portals separately track the number of attempts.



Set-up

    Default feature settings
    With the installation of the 2025-03 release, the following values are automatically configured. If you wish to change them, you can adjust them yourself via Custom Settings → Portal Settings:

    • Number of failed login attempts: 5

    • Lock duration: 300 seconds (5 minutes)

    If these fields are left empty, the functionality is disabled.

    New fields
    The following fields have been added to the Contact object. No permissions are required for using this feature. If you want users to view this information, you can grant read access via permission sets/profiles and optionally add the fields to the page layout:

    • Last login attempt client portal

    • Last login attempt candidate portal

    • Number of failed login attempts client portal

    • Number of failed login attempts candidate portal

    Feature Implementation Time
    Very simple implementation: less than 15 minutes

     

    🔗 Here you can find all features from the October Release 2025.