Clerk Docs

Customize max login attempts and duration of user lockout

Clerk provides an Account Lockout feature to protect user credentials against brute-force attacks. You can customize how many login attempts are allowed before the account is locked against further attempts, and how long that lockout lasts.

This feature applies to user accounts that use passwords or backup codes.

  1. In your Clerk Dashboard, navigate to User & Authentication > Attack Protection.
  2. To change the number of failed attempts before a user is locked out, under Maximum attempt limit, enter a new number of failed attempts allowed. (The default is 100 attempts.)
  3. To change the duration, under Lockout duration, select Time limit. Then, select the unit of time (minutes/hours/days/years) and enter the number of units you want lockouts to last.
  4. Select Save changes to apply your settings.

Lock a user account indefinitely until an admin unlocks it

  1. In your Clerk Dashboard, navigate to User & Authentication > Attack Protection.
  2. Under Lockout duration, select Indefinite Lockout.
  3. Select Save changes to apply your settings.
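
To see how the two settings above interact, here is a small model of a lockout policy. It is an added illustration, not Clerk's code or API: the class and function names are hypothetical, and it assumes that a successful login or an expired timed lockout resets the failure counter.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    max_attempts: int = 100                # "Maximum attempt limit" (default per the page)
    lockout_seconds: Optional[int] = 3600  # constructed value; None models "Indefinite Lockout"


@dataclass
class Account:
    failed: int = 0
    locked: bool = False
    locked_until: Optional[float] = None   # None while locked means no expiry


def unlock(acct: Account) -> None:
    """Clear the lock; for an indefinite lockout only an admin action calls this."""
    acct.failed, acct.locked, acct.locked_until = 0, False, None


def is_locked(acct: Account, now: float) -> bool:
    """Report lock state at time `now`, expiring a timed lockout lazily."""
    if acct.locked and acct.locked_until is not None and now >= acct.locked_until:
        unlock(acct)  # assumption: expiry also resets the failure counter
    return acct.locked


def attempt_login(acct: Account, policy: LockoutPolicy,
                  password_ok: bool, now: float) -> str:
    """Return 'ok', 'failed' or 'locked' for one sign-in attempt."""
    if is_locked(acct, now):
        return "locked"   # even a correct password is refused while locked
    if password_ok:
        acct.failed = 0   # assumption: success resets the counter
        return "ok"
    acct.failed += 1
    if acct.failed >= policy.max_attempts:
        acct.locked = True
        if policy.lockout_seconds is not None:
            acct.locked_until = now + policy.lockout_seconds
        return "locked"
    return "failed"
```

With a time limit the account becomes usable again on its own once the duration passes; with the indefinite setting the state only changes when `unlock` is called.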

Clerk © 2024