The locked out functionality in SCP portal does not have the behavior typically adopted on different platforms.

The system should only block the offending IP and not block the username. Only in this way we can ensure that we block a brute force attack without blocking the legitimate user who is accessing through an IP that has not done anything wrong.

Another issue is the blocking time. Is the user locked forever (until manually unlocked)?

The behavior of Locked Out has generated many unnecessary requests for assistance, at least with us. Can we disable it?


Answered question