Problem Statement
Design a sane account-lockout and recovery policy for high-risk apps.
Explanation
A fixed, small lockout threshold (for example, three failures lock the account) is easy to weaponize: anyone who knows a username can lock the real user out. Prefer adaptive controls that escalate on suspicious patterns: rate limiting per account and per source, progressive delays that grow with each failure, and device or network reputation. A short cool-down after a modest number of failures slows online guessing without stranding legitimate users; when failures against one account arrive from many sources, escalate to a CAPTCHA and step-up MFA rather than simply denying. Password reset is itself an authentication path, so require step-up multi-factor for resets, deliver self-service recovery only over verified channels, and log every reset attempt, granted or denied, with alerting on unusual volume or patterns. Align thresholds with the authenticator assurance level the application targets (NIST SP 800-63B, for example, requires throttling to no more than 100 consecutive failed attempts on an account) and monitor outcomes, such as how often legitimate users hit the cool-down and how much attack traffic is blocked, to tune the policy over time.
Code Solution
Example policy: 5 failures within a sliding window trigger a 15-minute cool-down, with a progressive delay before each attempt; failures against one account from several distinct IPs trigger a CAPTCHA and step-up MFA; the reset flow requires verified MFA and a verified channel, and every reset attempt is audited with alerting on unusual volume.
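The policy above as a self-contained Python module. This is an added example, not code from the original page; every threshold (5 failures, a 1-hour sliding window, a 15-minute cool-down, 3 distinct IPs, a 1 s/2 s/4 s delay capped at 30 s, 3 resets per hour for the alert) is an illustrative assumption to be tuned per application, and time is passed in explicitly so the logic is deterministic and testable.

```python
"""Adaptive account-lockout and audited reset policy.

Added example, not code from the original page. All thresholds are
illustrative assumptions: 5 failures in a 1-hour window trigger a 15-minute
cool-down, failures from 3 or more distinct source IPs trigger CAPTCHA plus
step-up MFA, and delays grow 1 s, 2 s, 4 s ... capped at 30 s. The caller
supplies the current time so the policy can be tested deterministically.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Tuple

FAIL_THRESHOLD = 5              # failures per account before a cool-down
COOLDOWN_SECONDS = 15 * 60      # 15-minute cool-down
FAIL_WINDOW_SECONDS = 60 * 60   # failures older than this no longer count
DISTINCT_IP_THRESHOLD = 3       # failures from >= this many IPs is "distributed"
DELAY_BASE_SECONDS = 1.0        # progressive delay after the first failure
DELAY_CAP_SECONDS = 30.0
RESET_ALERT_THRESHOLD = 3       # reset attempts per window that raise an alert
RESET_ALERT_WINDOW = 60 * 60


@dataclass
class AccountState:
    failures: Deque[Tuple[float, str]] = field(default_factory=deque)  # (time, ip)
    locked_until: float = 0.0


@dataclass
class Decision:
    allow: bool                   # may the client submit a password at all?
    delay: float = 0.0            # seconds the verifier should wait before answering
    require_captcha: bool = False
    require_step_up: bool = False
    reason: str = "ok"


class LockoutPolicy:
    def __init__(self) -> None:
        self.accounts: Dict[str, AccountState] = {}
        self.audit_log: List[dict] = []

    def _state(self, user: str, now: float) -> AccountState:
        st = self.accounts.setdefault(user, AccountState())
        # Drop failures that have aged out of the sliding window.
        while st.failures and now - st.failures[0][0] > FAIL_WINDOW_SECONDS:
            st.failures.popleft()
        return st

    def _audit(self, event: str, user: str, ip: str, now: float, **extra) -> None:
        self.audit_log.append({"t": now, "event": event, "user": user, "ip": ip, **extra})

    def check(self, user: str, ip: str, now: float) -> Decision:
        """Decide how to treat a login attempt before the password is verified."""
        st = self._state(user, now)
        if now < st.locked_until:
            return Decision(False, reason="cooldown")
        n = len(st.failures)
        delay = 0.0 if n == 0 else min(DELAY_BASE_SECONDS * 2 ** (n - 1), DELAY_CAP_SECONDS)
        # Failures spread across many IPs look like credential stuffing or a
        # deliberate attempt to lock the victim out: escalate, do not just deny.
        distributed = len({src for _, src in st.failures}) >= DISTINCT_IP_THRESHOLD
        return Decision(True, delay=delay, require_captcha=distributed,
                        require_step_up=distributed,
                        reason="distributed" if distributed else "ok")

    def record_failure(self, user: str, ip: str, now: float) -> None:
        st = self._state(user, now)
        st.failures.append((now, ip))
        if len(st.failures) >= FAIL_THRESHOLD:
            st.locked_until = now + COOLDOWN_SECONDS
            self._audit("lockout", user, ip, now, failures=len(st.failures))

    def record_success(self, user: str, now: float) -> None:
        self._state(user, now).failures.clear()

    def reset_password(self, user: str, ip: str, now: float,
                       mfa_verified: bool, channel_verified: bool) -> bool:
        """Self-service reset: needs step-up MFA and a verified channel; always audited."""
        ok = mfa_verified and channel_verified
        self._audit("reset_ok" if ok else "reset_denied", user, ip, now,
                    mfa=mfa_verified, channel=channel_verified)
        return ok

    def reset_alert(self, now: float) -> bool:
        """True when reset attempts (granted or denied) in the window reach the threshold."""
        recent = [e for e in self.audit_log
                  if e["event"].startswith("reset") and now - e["t"] <= RESET_ALERT_WINDOW]
        return len(recent) >= RESET_ALERT_THRESHOLD


if __name__ == "__main__":
    policy = LockoutPolicy()
    for i in range(5):                       # constructed: five guesses on one account
        policy.record_failure("alice", "10.0.0.1", 1000.0 + i)
    print(policy.check("alice", "10.0.0.1", 1010.0))      # cool-down, allow=False
    print(policy.audit_log[-1])                           # the "lockout" audit record
```

Note that a locked account still returns a generic cool-down decision rather than confirming that the username exists, and that `record_failure` must be called only after the password check actually fails; calling it for requests that were refused by `check` would let an attacker extend the lockout indefinitely.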
