Account Lockout on multiple invalid login attempts

As part of our initiative to make HappyFox more secure, we have introduced new features that aim at preventing unauthorized access to the application.

The following features are now available for all HappyFox users (contact & agent)

  1. Account lockout due to multiple invalid login attempts

  2. Captcha verification during login

Account Lockout

HappyFox enforces a temporary 60 minute lockout period if an agent or contact enters invalid credentials consecutively for 5 times. The login screen displays the attempts remaining for a user before a lockout is triggered.

 Unsuccessful agent login

 Unsuccessful contact login

In the event of a lockout, the agent/contact is automatically notified via email. The email contains the following information for last successful login and for the past 5 unsuccessful login attempts

  • Timestamp

  • IP information

  • Location

  • Browser details

  • Operating System details 

Once an account is locked out, the agent/contact can do either of the following

  • Wait for 60 minutes so that the account lock is automatically released

  • Send an automated email request to the administrator/s requesting manual unlock

When an agent/contact is locked out of HappyFox, their active HappyFox sessions remain unaffected. New sessions i.e., new login attempts will be restricted (including SSO logins).

Manual account unlock request for contact

Unlocking Agent Account

This action is available to all agents who have “Unlock Agent” managerial permission.

Agents who have been locked out of HappyFox can be identified using the lock icon against their names in Manage >> Agents page. On clicking unlock, a confirmation popup is shown. Successful unlock of a Agent sends an email notification to the agent that their account has been unlocked by the administrator.

Unlocking Contact Account

This action is available to all agents who have “Unlock Contact” managerial permission. 

Contacts locked out of HappyFox can be identified using the “lock” icon against their names in the Contacts list page. On opening the details page of the contact, the “unlock” action will be visible.

Lock Icon inside Contact list page:

Unlock Contact option inside Contact detail page:

Captcha Verification 

In addition to a lockout mechanism, unsuccessful login attempts in both contact and Agent login screens will now ask the user to verify themselves via a Captcha flow. The captcha flow is powered by Google’s reCAPTCHA service that uses an advanced risk analysis engine. This effectively helps prevent automated malicious login attempts.

Successful captcha verification in Agent login page

reCAPTCHA asking for user verification during contact login

To know how to unlock agents in HappyFox Classic version, please refer to the document attached.