MOCKUP #1 - NOT TELLING THE USER WHICH FIELD HAD WRONG ENTRY, BUT STATING THAT THE USER WILL BE LOCKED OUT OF THEIR ACCOUNT AFTER 10 FAILED LOGIN ATTEMPTS
This scenario shows a server-side response that the email/username and password combination is incorrect.
NOTES:
- This is the most "secure" approach: There is a specific reason some sites do not say which field is "wrong". If an attacker learns that the email/username exists in the database, they already have a victim and only need to guess the password. With a single generic warning that something is wrong, the attacker cannot even tell whether the account exists. For the same reason, the lockout warning and the lockout itself must behave identically for unknown usernames; if only real accounts ever show "you'll have to wait 60 minutes", the warning becomes a way to confirm which accounts exist.
- TO CHECK WITH IDM TEAM IF POSSIBLE: Both the "Email or Username" and "Password" input field borders should be styled with style="border-color: #a94442;".
- TO CHECK WITH IDM TEAM IF POSSIBLE: Even though the logic will be 10 failed login attempts before being locked out, the bottom part of the message will not show until the user only has 5 more failed login attempts.
So, for failed login attempts 1, 2, 3, 4, and 5, the user will see this alert:

Your email/username or password is incorrect. Please check your login and try again. If you are stuck, you can also look up your account.

Then, for failed login attempts 6, 7, 8, and 9, the user will see this alert:

Your email/username or password is incorrect. Please check your login and try again. If you are stuck, you can also look up your account.
For security reasons, after 5 more failed login attempts you'll have to wait 60 minutes before trying again.

(Page heading on the mockup: Log In or Create an Account)
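The attempt-counting and message logic described in the notes, as an added example (not code from the mockup or the IDM team). It assumes an in-memory user store, a stand-in password comparison instead of real hash verification, and a locked-out message text that the mockup does not specify; all three are assumptions. Failures are counted per submitted identifier, so an unknown username gets exactly the same text and the same lockout as a real account. The mockup shows the static text "5 more"; the example computes the remaining count instead, because from the 6th failure onward only 4 or fewer attempts remain before the 10th.

```python
from __future__ import annotations

import hmac
import time
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 10   # lockout after 10 failed logins (from the notes)
WARN_FROM_ATTEMPT = 6      # warning line shown from the 6th failure onward (from the notes)
LOCKOUT_SECONDS = 60 * 60  # 60-minute wait (from the alert text)

GENERIC_ERROR = (
    "Your email/username or password is incorrect. Please check your login "
    "and try again. If you are stuck, you can also look up your account."
)
# Assumption: the mockup does not define the text shown while locked out.
LOCKED_MESSAGE = "Too many failed login attempts. Please wait 60 minutes before trying again."

# Constructed sample store; plaintext here only so the example runs offline.
# A real system compares against a password hash (assumption, not the mockup's).
USERS = {"alice@example.com": "correct horse battery staple"}
_DUMMY_PASSWORD = "not-a-real-password"


@dataclass
class LoginState:
    failures: int = 0
    locked_until: float = 0.0


# Keyed by the identifier the user typed, not by account, so unknown usernames
# accumulate failures and see the same warning as real accounts.
_state: dict[str, LoginState] = {}


def _warning_line(remaining: int) -> str:
    return (
        f"For security reasons, after {remaining} more failed login attempts "
        "you'll have to wait 60 minutes before trying again."
    )


def login(identifier: str, password: str, now: float | None = None) -> tuple[bool, list[str]]:
    """Return (success, alert_lines); alert_lines is what the mockup displays."""
    now = time.time() if now is None else now
    st = _state.setdefault(identifier, LoginState())

    if now < st.locked_until:
        return False, [LOCKED_MESSAGE]

    # Always run the comparison so unknown and known usernames take similar time.
    stored = USERS.get(identifier, _DUMMY_PASSWORD)
    matches = hmac.compare_digest(stored.encode(), password.encode())
    ok = identifier in USERS and matches

    if ok:
        _state.pop(identifier, None)  # success clears the counter
        return True, []

    st.failures += 1
    if st.failures >= MAX_FAILED_ATTEMPTS:
        st.locked_until = now + LOCKOUT_SECONDS
        return False, [LOCKED_MESSAGE]

    lines = [GENERIC_ERROR]
    if st.failures >= WARN_FROM_ATTEMPT:
        lines.append(_warning_line(MAX_FAILED_ATTEMPTS - st.failures))
    return False, lines


if __name__ == "__main__":
    for attempt in range(1, 11):
        success, alerts = login("alice@example.com", "wrong", now=0.0)
        print(f"attempt {attempt}: success={success}")
        for line in alerts:
            print("   ", line)
```

The same `login` call with an identifier that is not in the store returns the generic line on the first failure, the computed warning from the sixth, and the locked message on the tenth, so an attacker probing usernames sees no difference.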
