You can manage options on how to deal with multiple failed login attempts.
If any user fails to log in for a number of consecutive tries, you can automatically block the account. Furthermore, you can force the user to wait a certain period of time before trying to log in again.
Blocking and unblocking the account will trigger an email message. The content of each message is configurable in [Order processing] - [Workflow configuration] - [Email templates] - [User account blocked - administrator], [User account blocked - user], and [User account unblocked]
Click [User management] - [Users] - [Users security settings].
[Enable block account functionality].
Enabled
The user accounts will be blocked after a certain number of failed login attempts. This is set by default.
Disabled
There is no check for repeated failed login attempts.
[Block user account after number of failed attempts:]
Set the number of failed login attempts before the user account is blocked. Default value: 3. Maximum accepted value: 10.
[Automatically unlock account after [hours]:]
Set the number of hours for the blocked account to be unblocked automatically. Default value: 24. Maximum accepted value: 72.
[Delay after a failed login [seconds]*:]
Set the number of seconds of delay before allowing the user to try a new login attempt. Default value: 0 (functionality not enabled). Maximum value: 600.
Click [Save].
Blocking and unblocking do not apply to LDAP accounts.