<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 05/04/16 09:46, Stian Thorgersen
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAJgngAfrWA_tbt4iX3zTh9ZgH9afUs7L9byW1SLgEZn+KVHr+A@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>Currently [1] the failed login attempts are not reset on a
          successful login. This could cause a user with bad memory to
          lock the account over time. This can be prevented by setting
          "Failure Reset Time", but is that sufficient. Should we reset
          the failed login attempts on successful login?</div>
      </div>
    </blockquote>
    I think that yes, I believe that's what most of the web-sites are
    doing as well?<br>
    <br>
    Marek<br>
    <blockquote
cite="mid:CAJgngAfrWA_tbt4iX3zTh9ZgH9afUs7L9byW1SLgEZn+KVHr+A@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div><br>
        </div>
        [1] <a moz-do-not-send="true"
          href="https://issues.jboss.org/browse/KEYCLOAK-2692">https://issues.jboss.org/browse/KEYCLOAK-2692</a><br>
        <div><br>
        </div>
        <div><br>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
keycloak-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
    </blockquote>
    <br>
  </body>
</html>