Account lockout policies

Account lockout provides an additional layer of security for your ScheduleOnce account. It protects against brute force login attempts and automatically suspends account access when multiple failed login attempts have been identified.

Account lockout applies to all Users on your ScheduleOnce account that use an email and password combination to login. Account activity for Users with a G Suite login is monitored by Google. Learn more about G Suite activity alerts.

As an Administrator, you can enable Account lockout by navigating to Account -> Security -> Account lockout policies. When you enable account lockout, you can also define the lockout criteria:
  • Attempts allowed - The number of unsuccessful login attempts required to lock an account
  • Lockout timeframe – The timeframe for counting unsuccessful login attempts.

The lockout criteria determines the threshold that triggers lockout. Suppose your Account lockout policy is set to allow no more than three attempts in 60 minutes. Three failed login attempts at 09:00 am, 09:30 am and 09:59 am will lockout your account (since all three attempts happened within the lockout timeframe). Three failed login attempts at 09:00 am, 09:30 am and 10:01 am will not lockout your account (since only two attempts were in the lockout timeframe).

Enabling Account lockout is a good security practice. We recommend setting the lockout criteria to five attempts within 30 minutes.

Locked accounts

Locked accounts prevent access to the User application. A locked account is able to accept bookings from customers and Booking pages function as normal. If a User is locked out of their account, all administrators receive an email notification advising about the security event.

Unlocking an account

Administrators can unlock all User accounts apart from their own. To unlock a User account, navigate to Account -> Users. Hover over the Users profile and click on the unlock link.

My account is locked

If your account has been locked, you should contact a ScheduleOnce administrator from your organization. If you are the only administrator and your account has been locked, or if you’re not sure who the administrator for your own account is, please contact us.

Rate this article