I think that yes, I believe that's what most of the web-sites are doing as well?Currently [1] the failed login attempts are not reset on a successful login. This could cause a user with bad memory to lock the account over time. This can be prevented by setting "Failure Reset Time", but is that sufficient. Should we reset the failed login attempts on successful login?
_______________________________________________ keycloak-dev mailing list keycloak-dev@lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev