Overview
To protect your workspace from brute‑force attacks, Laywork enforces a progressive lockout policy:
3 failed login attempts → account locked for 2 minutes
On first lockout, subsequent lockout duration increases to 1 hour
A user may be locked out a maximum of 3 times
After 3 lockouts, the account remains disabled until an admin unlocks it
Failed‑attempt counters reset automatically after 24 hours
Why It Matters
This policy balances security (thwarting repeated guessing) with usability (short lockouts for genuine typos). Knowing the thresholds helps both admins and end users understand when and why an account becomes temporarily inaccessible.