I can see the use case for resetting a password if it has already expired, but I'm still thinking about the lockout case.
When I'm at work, and I've managed to lock myself out of an account because I authenticated too many times within a given timeframe, I have to call someone (a system admin or help desk) to reset my authentication attempts (which it the whole idea behind the design, right?).
I can see the use case for resetting a password if it has already expired, but I'm still thinking about the lockout case.
When I'm at work, and I've managed to lock myself out of an account because I authenticated too many times within a given timeframe, I have to call someone (a system admin or help desk) to reset my authentication attempts (which it the whole idea behind the design, right?).