Modern web apps and services work this way nowadays. GitLab for example blocks your account for 10min, and sends this email:
Unlock instructions | [SITENAME] Hello USERNAME,
Your GitLab account has been locked due to an excessive number of unsuccessful sign in attempts. You can wait for your account to automatically unlock in 10 minutes or you can click the link below to unlock now.
If you did not initiate these sign-in attempts, please reach out to your administrator or enable two-factor authentication (2FA) on your account.
I find this workflow much better for both site admins and registered users: - less emails/phone calls for site admins to unlock user accounts -> less overhead - people don't have to raise tickets or email/call their site admin to unblock their user account, nor do they have to wait in line until this is actioned - they can self-serve
I propose that we:
- Add a setting under admin/config/people/login
to allow selecting between 2 possible actions if any of the flood thresholds is reached:
- (current behaviour) permanently block account immediately
- (new default behaviour) temporarily block account and send email with unblock link (link uses token for security)
- Tweak the "Account blocked" email under admin/config/people/emails
to account for this new feature, or create a new "Account temporarily blocked" email template.
To avoid flooding the legitimate user's mailbox with "Unblock account" emails, we could consider implementing some kind of logic like the following: The amount of time the account is blocked for starts at 10min and is increased each time. Second time is for 30min; third time is 1hr, at which point the account block becomes permanent and requires either an admin to unblock it, or the link sent in the last email to be clicked.
Recent comments
Hi @Gnome and welcome to Backdrop When I create custom layout templates I put them in /layouts/custom/my_layout Note: you can split modules and layouts between contrib and custom...
My layout template (layout--blog.tpl.php) doesn't work
This post explains how to do this in Drupal 7. In Backdrop, File Entity is already part of core. You will need to download and install module Views Field View. https://drupal.stackexchange...
I Need to Display an Image in a View that was Uploaded to a Webform
After alot of trials, i have done the obvious and translated the whole block for different languages with each property condition as follows: ->propertyCondition('langcode', 'en...
How to get the current page language?