As a safeguard to prevent password hacking and brute force attacks, the software requires each User to have a unique username and password that must be entered each time a user logs on. Password strength parameters are enforced by the application and include: Password lengths of 10-128 characters, passwords cannot contain 2 identical characters in a row, must contain at least 3 character types out of 4 (upper case, lower case, numbers, and special characters), and passwords cannot be “reused” for one year. In addition, accounts are locked after 5 failed login attempts for a duration of 10 minutes or until unlocked by an Administrator.
If you go into Setting \ User Admin, the User who has been locked out will have a lock icon in the Active Column, otherwise, they are no longer locked out. Only an Org Admin can select the User and click the Actions box drop-down menu to Unlock the User.