Frozen/Locked accounts

Overview

Users have a set number of attempts to enter their credentials, as configured by People administrators in the Password policy area.

Each incorrect attempt before the maximum shows the error below:

 

Once the last attempt fails, the system temporarily blocks the user's access (Frozen/Locked) as a security measure.

The default message below will display to them:


As end users can become confused by the terminology, we recommend updating the phrasing of this message in the core localisation to something more indicative of the situation and of how they can seek help on your site specifically or from your Intranet management team.

For example, replace the word 'unblock' with wording that refers to the temporary freezing/locking of the account, so the end user is aware they can try again without needing administrator assistance.


The updated message when attempts are maximised:

 


Context

Depending on which credentials the user is entering incorrectly, they can log in successfully without outside assistance by simply waiting for their account to unlock after the set time period.

However, in most cases, a user has maximised the attempts because they do not know their username and/or password.

Accounts becoming frozen can be avoided entirely by requesting that end users store their login credentials in a password manager or browser (depending on your company policy for this).

If credentials cannot be stored, then the responsibility to manage user credentials falls to your site's People Administrators. Claromentis has tools to assist with this process, as outlined in the next section.

 

If they do not know their password

They can reset their password on the login page and then log in with the new password once their account is no longer frozen.

 

If they do not know their username

They will need assistance from a People administrator, who can tell them their username or send them a credential email from Admin > People > Email login details.

Having a naming convention for usernames helps to avoid these situations. For example, if everyone's username is their email address, there is no potential for an end user not to know what it is when trying to log in.

 

If they do not know both their username and password

If the user does not know they can reset their own password on the login page, then they will need assistance from a People administrator to reset their password for them and send a credential email from Admin > People > Email login details so they are shown both their username and a new password.

 


Do they need more help than unfreezing?

While an account is frozen, People administrators can unfreeze it early, before the time period set in the Password policy has elapsed.

Generally, though, the time period accounts remain frozen is short, e.g. 3 minutes.

Having a People administrator unfreeze the account is not always the most efficient fix: the end user does not have long to wait before their attempts reset anyway, and it is more likely that they don't actually know their credentials, so they would need further assistance from an administrator beyond just unfreezing.

We recommend turning on the option shown below in Admin > People > Password:


This means that whenever an account is frozen, all People administrators are sent an email detailing the user and a link to unfreeze the account.

Beyond simply unfreezing the account, this gives your team an opportunity to be proactive and reach out to that user to assist with any further password recovery, password reset or username confirmation, rather than putting the onus on the end user to reach out to you.
 


 

Of course, People administrators can simply unfreeze the accounts using the link in the email (or by following the steps below) as they are notified of each instance.

However, as mentioned above, if the user doesn't know their credentials they will simply keep maximising attempts and freezing, so the actual cause of the issue is not being addressed by only unfreezing.
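The freeze cycle described above, modelled as an added example (illustrative Python, not Claromentis code): attempts count up to the policy maximum, the account freezes and administrators are notified, the freeze either expires or is cleared early, and repeated freezes flag a user who needs credential help. All names, the attempt limit of 3, the refusal of a correct password while frozen and the `needs_outreach` rule are assumptions; the 180 seconds is the article's "3 minutes".

```python
from dataclasses import dataclass

@dataclass
class Policy:
    max_attempts: int = 3      # constructed value; set by People administrators
    freeze_seconds: int = 180  # the article's "e.g. 3 minutes"

@dataclass
class Account:
    username: str
    failed: int = 0
    frozen_until: float = 0.0
    freezes: int = 0           # how many times this account has frozen

def attempt(acct, password_ok, now, policy, notify):
    """Return 'ok', 'invalid' or 'frozen' for one login attempt at time `now` (seconds)."""
    if now < acct.frozen_until:
        return "frozen"                      # assumed: refused even with the right password
    if acct.frozen_until:                    # freeze period elapsed: attempts reset
        acct.failed, acct.frozen_until = 0, 0.0
    if password_ok:
        acct.failed = 0
        return "ok"
    acct.failed += 1
    if acct.failed >= policy.max_attempts:   # last allowed attempt was wrong
        acct.frozen_until = now + policy.freeze_seconds
        acct.freezes += 1
        notify(acct.username)                # stands in for the email to People administrators
        return "frozen"
    return "invalid"

def admin_unfreeze(acct):
    """Model of 'Unlock now': clears the freeze early and resets attempts."""
    acct.failed, acct.frozen_until = 0, 0.0

def needs_outreach(acct, repeat_threshold=2):
    """Hypothetical rule: repeated freezes suggest unknown credentials, not a typo."""
    return acct.freezes >= repeat_threshold

def run_scenario():
    """Constructed timeline: freeze, early unfreeze, second freeze, expiry, login."""
    policy, mails = Policy(), []
    user = Account("constructed.user")
    out = [attempt(user, False, t, policy, mails.append) for t in (0, 5, 10)]
    out.append(attempt(user, True, 60, policy, mails.append))        # still frozen
    admin_unfreeze(user)                                             # admin follows the email link
    out += [attempt(user, False, t, policy, mails.append) for t in (70, 75, 80)]
    out.append(attempt(user, True, 80 + 180, policy, mails.append))  # period elapsed
    return out, mails, needs_outreach(user)
```

In the scenario the early unfreeze only buys the user three more wrong guesses and a second notification, which is the case where the administrator should contact the user rather than unfreeze again.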
 


Unfreeze an account as an administrator

Step 1: Navigate to Admin > People Admin Panel (if following the link given in the administrator email go to Step 4)

Step 2: Use the Advanced Search to search for Frozen/Locked accounts

 

Step 3: Click on one of the accounts from the list

Step 4: Check 'Unlock now', scroll down to the end of the screen and click 'Update' to save

 

Step 5: The user account is no longer frozen, so their attempts reset and they can try to log in again

Step 6: Is administrator intervention required?

A People administrator can reach out to the user and clarify what help they need with their credentials, then the admin can:

- Confirm the correct username they should use

- Instruct how they can reset their own password on the login page

- Reset the password on the end user's behalf and send this in an email using the 'email login details' feature and ensure the user has to set a new password themselves on the next login (optional).
 

Last modified on 14 September 2023 by Veronica Kim
Created on 21 February 2019 by Hannah Door
