
Customize max sign-in attempts and duration of user lockout

Clerk provides an Account Lockout feature to protect user credentials against brute-force attacks. You can customize the number of sign-in attempts allowed before the account is locked to prevent further attempts, and how long such a lockout lasts.

Note

This feature is applicable to user accounts that use passwords or backup codes.

  1. In your Clerk Dashboard, navigate to User & Authentication > Attack Protection.
  2. To change the number of failed attempts before a user is locked out, under Maximum attempt limit, enter a new number of failed attempts allowed. (The default is 100 attempts.)
  3. To change the duration, under Lockout duration, select Time limit. Then, select the unit of time (minutes/hours/days/years) and enter the number of units you want lockouts to last.
  4. Select Save changes to apply your settings.

Lock a user account indefinitely until an admin unlocks the account

  1. In your Clerk Dashboard, navigate to User & Authentication > Attack Protection.
  2. Under Lockout duration, select Indefinite Lockout.
  3. Select Save changes to apply your settings.
