Unlock User Account After Invalid Password Entries

Question

In my java application, I am going to lock the account if someone does not enter the correct password 6 times. I am going to add a field in my local database that indicates if a user's account is locked or not. However, how can I unlock this account? For example, I may want to unlock their account after 15 minutes. What is the best way to go about unlocking a user's account?

Store the time the user's account was locked as well. Compare the current time to the time it was locked to determine if it is unlocked. — amza, Jul 28 '15 at 21:16

CPUFry · Accepted Answer · 2016-01-28T22:46:11.387

2

I would only store the date and time that indicates when the user account is going to be unblocked.

So when that date/time is "larger" than the current time, the user is able to access the account.

Whenever the date/time is "smaller" than the current time, the user isn't able too.

edited Jan 28 '16 at 22:46

answered Jul 28 '15 at 21:22

CPUFry

566
4
18

score 0 · Answer 2 · answered Jul 28 '15 at 21:26

0

Store a "high water mark" time for it to unlock. Each time the user violates the # of failed tries etc refresh it.

answered Jul 28 '15 at 21:26

TheFiddlerWins

860
5
19

Unlock User Account After Invalid Password Entries

2 Answers2