Currently, if a learner enters their Absorb login password wrong five or more times, the system has a hard-coded 15-minute lockout preventing any additional attempts for 15 minutes. This cannot be overrided by any method other than to wait, even by an administrator.
This is a recurring problem. We use Absorb during new hire orientation for new hires to take certain online courses in the classroom. From time to time, learners will enter their password incorrectly and receive the 15-minute lockout. They have to literally sit in the classroom doing nothing for 15 minutes while everyone else in the class is able to take the online course.
Can you please either make this feature optional, or add the ability for an administrator to unlock the learner's profile? Surely there are better methods to prevent bruteforce hacks than to do this. Maybe add an IP whitelist that we can provide where this lockout doesn't happen if it's coming from those IP ranges?
I know this was also discussed on the old idea portal as well, so it's an issue for other people as well. Thank you.
This would be extremely useful for system admins.
A simple toggle, like the active/inactive toggle, in the users account page that would control lockouts would solve this.