Enforce Account Lockout for OTPs

At the time of authentication, some users will enter an incorrect One Time Passcode (OTP) too many times. Because the server cannot tell who is behind a failed attempt, a run of wrong passcodes may be an unauthorized actor guessing the OTP rather than a legitimate user mistyping it, especially when the first factor (the password) has already been compromised. A short numeric OTP has a small keyspace, so without a limit on attempts an attacker who already holds the password can keep submitting guesses until one matches.

Account lockouts offer an effective way to slow down a potential bad actor: after too many incorrect passcodes, the account is locked and logins are refused for a limited period of time (say 30 minutes), whether or not the next passcode submitted is correct. Enterprises can track these lockout incidents and respond in a timely manner, either by making the employee or customer aware of the unauthorized attempt or by helping them if they have locked themselves out. Accounts automatically unlock after a configurable period of time to limit disruption to productivity; the lockout is deliberately temporary because an attacker who knows a username could otherwise use the mechanism to keep a legitimate user locked out indefinitely, which is also why lockout events should be monitored rather than silently absorbed.
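The following is an added illustration of the lockout policy described above, not code from the product this page describes. It assumes an OTP verifier that keeps a per-account failure counter, locks the account once the counter reaches a configurable threshold (5 here), refuses every attempt while the lock is active, even a correct passcode, and unlocks automatically when the lockout window (30 minutes here) has elapsed. The thresholds, the `ManualClock` helper and the in-memory `events` list used to record lockouts for follow-up are all assumptions chosen for the example.

```python
import hmac
import time
from dataclasses import dataclass


@dataclass
class AccountState:
    failures: int = 0          # consecutive wrong passcodes since the last success/unlock
    locked_until: float = 0.0  # epoch seconds; 0.0 means not locked


class ManualClock:
    """Assumed helper: a clock the example can advance by hand instead of sleeping."""

    def __init__(self, start: float = 1_000_000.0) -> None:
        self.t = start

    def now(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


class OtpVerifier:
    """Verifies OTPs with a per-account lockout (assumed thresholds, not a product default)."""

    def __init__(self, max_failures: int = 5, lockout_seconds: float = 30 * 60,
                 clock=time.time) -> None:
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._clock = clock
        self._accounts: dict[str, AccountState] = {}
        self.events: list[tuple[str, str, float]] = []  # (event, user, timestamp) for tracking

    def _state(self, user: str) -> AccountState:
        st = self._accounts.setdefault(user, AccountState())
        # Auto-unlock: once the lockout window has passed, clear the lock and the counter.
        if st.locked_until and self._clock() >= st.locked_until:
            st.locked_until = 0.0
            st.failures = 0
            self.events.append(("unlocked", user, self._clock()))
        return st

    def is_locked(self, user: str) -> bool:
        return self._state(user).locked_until != 0.0

    def verify(self, user: str, submitted: str, expected: str) -> str:
        """Returns 'ok', 'invalid' or 'locked'."""
        st = self._state(user)
        now = self._clock()
        # Check the lock before comparing, so a locked account cannot be probed
        # for the correct code during the lockout window.
        if st.locked_until:
            self.events.append(("rejected_while_locked", user, now))
            return "locked"
        # Constant-time comparison avoids leaking how many leading digits matched.
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= self.max_failures:
            st.locked_until = now + self.lockout_seconds
            self.events.append(("locked", user, now))
            return "locked"
        return "invalid"


if __name__ == "__main__":
    # Constructed walkthrough: three wrong codes lock the account, the correct code is
    # refused while locked, and the account unlocks after the window passes.
    clock = ManualClock()
    v = OtpVerifier(max_failures=3, lockout_seconds=60, clock=clock.now)
    for guess in ("000000", "000001", "000002", "123456"):
        print(guess, "->", v.verify("alice", guess, "123456"))
    clock.advance(61)
    print("after window ->", v.verify("alice", "123456", "123456"))
    print("events:", v.events)
```

The lock is checked before the passcode is compared, which is the property that actually stops a brute-force attempt: a guess submitted during the lockout window is rejected without ever being evaluated. The `events` list stands in for whatever audit or alerting pipeline the enterprise uses to notify the user or the security team of the incident.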