Account Lockout on multiple invalid login attempts

As part of our initiative to make HappyFox more secure, we have introduced new features that aim at preventing unauthorized access to the application.

The following features are now available for all HappyFox users (contacts and staff):

  1. Account lockout due to multiple invalid login attempts

  2. Captcha verification during login

Account Lockout

HappyFox enforces a temporary 60 minute lockout period if a staff member or contact enters invalid credentials 5 consecutive times. The login screen displays the number of attempts remaining before a lockout is triggered.

 Unsuccessful staff login

 Unsuccessful contact login

In the event of a lockout, the agent/contact is automatically notified via email. The email contains the following information for the last successful login and for the past 5 unsuccessful login attempts:

  • Timestamp

  • IP information

  • Location

  • Browser details

  • Operating System details 

Once an account is locked out, the agent/contact can do either of the following:

  • Wait for 60 minutes so that the account lock is automatically released

  • Send an automated email request to the administrator(s) requesting a manual unlock

When an agent/contact is locked out of HappyFox, their active HappyFox sessions remain unaffected. New sessions, i.e., new login attempts, will be restricted (including SSO logins).

Manual account unlock request for contact
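
The lockout rules described above can be modelled as a small state machine. The following is an added example, not HappyFox's own code: the names LockoutPolicy, AccountState and attempt() are hypothetical, and the store is an in-memory dictionary. It only gates new login attempts, so existing sessions are untouched.

```python
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MAX_ATTEMPTS = 5                 # article: 5 consecutive invalid logins
LOCKOUT = timedelta(minutes=60)  # article: temporary 60 minute lockout

@dataclass
class AccountState:              # hypothetical per-account record
    failures: int = 0            # consecutive invalid attempts so far
    locked_until: Optional[datetime] = None
    # (timestamp, ip) of the last 5 failures, for the notification email
    recent_failures: deque = field(default_factory=lambda: deque(maxlen=MAX_ATTEMPTS))

class LockoutPolicy:             # hypothetical name, in-memory store
    def __init__(self):
        self.accounts = {}

    def _state(self, user):
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user, now):
        st = self._state(user)
        if st.locked_until is not None and now >= st.locked_until:
            self.unlock(user)    # automatic release after 60 minutes
        return st.locked_until is not None

    def attempt(self, user, credentials_ok, now, ip):
        """Return (result, attempts_remaining) for one new login attempt."""
        st = self._state(user)
        # Check the lock first: a locked account is refused even with valid
        # credentials, and the same gate applies to any login path (e.g. SSO).
        if self.is_locked(user, now):
            return "locked", 0
        if credentials_ok:
            st.failures = 0      # only *consecutive* failures count
            return "ok", MAX_ATTEMPTS
        st.failures += 1
        st.recent_failures.append((now, ip))
        if st.failures >= MAX_ATTEMPTS:
            st.locked_until = now + LOCKOUT
            return "locked", 0
        return "invalid", MAX_ATTEMPTS - st.failures

    def unlock(self, user):
        """Manual unlock by an administrator; also used for auto release."""
        st = self._state(user)
        st.failures, st.locked_until = 0, None
```
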

Unlocking Staff Account

This action is available to all agents who have “Unlock Staff” managerial permission.

Staff who have been locked out of HappyFox can be identified by the lock icon against their names on the Manage >> Staff page. Clicking unlock shows a confirmation popup. After a successful unlock, the staff member receives an email notification that their account has been unlocked by the administrator.

Unlocking Contact Account

This action is available to all agents who have “Unlock Contact” managerial permission. 

Contacts locked out of HappyFox can be identified using the “lock” icon against their names in the Contacts list page. On opening the details page of the contact, the “unlock” action will be visible.

Contact list page in HappyFox classic 

Contact detail in HappyFox classic

Contact list page in the new version of HappyFox

Contact detail page in the new version of HappyFox

Captcha Verification 

In addition to the lockout mechanism, unsuccessful login attempts on both the contact and staff login screens will now ask the user to verify themselves via a Captcha flow. The captcha flow is powered by Google’s reCAPTCHA service, which uses an advanced risk analysis engine. This effectively helps prevent automated malicious login attempts.

Successful captcha verification in Staff login page

reCAPTCHA asking for user verification during contact login

  • 16-Mar-2018