Article Details
Id: 18218
Product: finPOWER Connect
Type: NEW
Version: 3.04.00
Opened: 20/05/2021
Closed: 21/05/2021
Released: 30/06/2021
Job: J026633

User Policy; The way User Policy lockouts are applied has been updated

User Policy allows a User to be locked out after a given number of unsuccessful attempts have been made to log in. Previously, once a User was locked out, they would only be informed of the lockout if they entered the correct password; otherwise, the incorrect password error would be displayed. Because the response still showed whether each guess was correct, this would effectively allow a User infinite attempts to guess another User's password.

Additionally, after the lockout period had expired, the User would only get a single chance to enter the correct password before being locked out again. This was incorrect, as the number of incorrect logins allowed before lockout is configured on the User Policy.

Therefore, the following improvements have been made:

  • If a User is locked out, they will now receive the lock out message regardless of whether they have entered a correct or incorrect password during the lockout.
  • Once the lock out period elapses, the User will now be able to attempt the full number of logins as dictated by the User Policy before they are locked out again.
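
The two rules above, sketched as an added example (this is not finPOWER Connect code): the lockout check runs before the password is verified, so the response during a lockout never depends on the guess, and the failure counter is reset once the lockout period elapses. The names `Account`, `login`, `MAX_ATTEMPTS` and `LOCKOUT_SECONDS`, the policy values, and the response on the attempt that triggers the lockout are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

MAX_ATTEMPTS = 3        # assumed User Policy value: failures allowed before lockout
LOCKOUT_SECONDS = 300   # assumed User Policy value: lockout period

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0
    locked_until: Optional[float] = None

def new_account(password: str, salt: bytes = b"constructed-salt") -> Account:
    # Constructed sample account; a real system would use a random per-user salt.
    return Account(salt, _hash(password, salt))

def login(acct: Account, password: str, now: float) -> str:
    """Return 'ok', 'invalid' or 'locked_out' for one login attempt at time `now`."""
    if acct.locked_until is not None:
        if now < acct.locked_until:
            # Checked BEFORE the password: correct and incorrect guesses get the
            # same answer, so a locked account gives no feedback on guesses.
            return "locked_out"
        # Lockout period elapsed: restore the full allowance, not a single try.
        acct.failures = 0
        acct.locked_until = None

    if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        acct.failures = 0
        return "ok"

    acct.failures += 1
    if acct.failures >= MAX_ATTEMPTS:
        acct.locked_until = now + LOCKOUT_SECONDS
    # Assumption: the attempt that triggers the lockout still reports 'invalid';
    # every later attempt inside the period reports 'locked_out'.
    return "invalid"
```
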