Disable Account Lockout After Excessive Login Failures in Open edX
Account lockout feature will keep track of the number of failed login attempts on a given user’s email. If the number of consecutive failed login attempts - without a successful login at some point - reaches a configurable threshold (default 5), then the account will be “locked” for a configurable amount of seconds (15 minutes) which will prevent additional login attempts until this time period has passed. If a user successfully logs in, all the counter which tracks the number of failed attempts will be reset back to 0.
By default, account lockout is enabled, but the feature is configurable via a FEATURES flag.
Configure:
Open and edit lms.env.json
file using your favorite editor. Then find the "FEATURES"
configuration, add ENABLE_MAX_FAILED_LOGIN_ATTEMPTS into "FEATURES"
array and set to false. See the following codes snippet:
"FEATURES": {
...
"ENABLE_MAX_FAILED_LOGIN_ATTEMPTS": false,
...
},
Restart LMS service.