Password Lockout Policy

Updated 4 months ago by James Dunn

We have implemented a new system-wide password lockout policy, effective 5/23/2020:

In order to prevent bute-force password hacking attempts (e.g. dictionary attacks, social engineering, guessing), we will lock out any account for 15 minutes if the password is entered incorrectly 5 times. This cool-off period ensures that it would take many years for a robot to guess your password correctly.

On the web interface, you'll see an error like this if you are locked out:

The maximum number of password tries has been exceeded. Please try again in 15 minutes.

However, on FTP, SFTP, FTPS, or even WebDAV the error will not be distinguishable from an ordinary authentication failure.

S/FTP Error 530 Authentication failed. Critical error. Could not connect to server.

If you are not sure if you are locked out, try logging in through the website, and check the error message. If you don't know the web address (URL) you can use the FTP server name in the browser and it will send you to the HTTPS login page.

If you are locked out, don't panic. Your account will be automatically unlocked in 15 minutes. If you cannot wait, your site administrator can unlock your account for you.

Unlocking a user account from the web interface

If you forgot your password click here.


How Did We Do?