Authentication Failure

🎯 Purpose

Handles various authentication failure scenarios, implements security measures like account lockouts, and provides user guidance for recovery from authentication errors.


🚨 Authentication Failure Types

🔒 Incorrect Credentials

  • Scenario: User provides wrong Password, Email OTP, or SMS Authentication Code
  • System Response: Authentication error displayed to user
  • Attempt Tracking: System decrements available attempts counter
  • User Impact: Opportunity to retry with correct credentials

📊 Attempt Counter System

  • Configuration: Attempt limits are configurable (e.g., 5 attempts for password)
  • Tracking: Separate counters for different authentication factors
  • Exhaustion: Exhausting the attempts for any one factor triggers account lockout
  • Reset: Counters reset after successful authentication

🔐 Account Lockout Process

  • Trigger: User exhausts all available authentication attempts
  • Duration: Account blocked for configurable cooling period
  • User Experience: Clear error message indicating lockout status
  • Automatic Recovery: User automatically unblocked after cooling period expires

📊 Failure Scenarios and Responses

Failure Type      | Cause                       | System Response                            | User Options
Wrong Password    | Incorrect password entered  | Error message, attempt counter decremented | Retry with correct password
Invalid SMS OTP   | Wrong SMS code entered      | Error message, option to resend            | Request new SMS code
Invalid Email OTP | Wrong email code entered    | Error message, option to resend            | Request new email code
Expired OTP       | Code used beyond time limit | Error message                              | Request new code
Account Locked    | Too many failed attempts    | Lockout message with time remaining        | Wait for cooling period

🔄 Cooling Period Management

🕐 Lockout Duration

  • Configuration: Cooling period duration is configurable by administrators
  • Typical Duration: Ranges from minutes to hours based on security policy
  • Progressive Increase: May increase with repeated lockouts
  • User Notification: Clear indication of remaining lockout time

⏰ Automatic Unblock Process

  • Timer: System maintains countdown timer for each locked account
  • Automatic Release: Account automatically unlocked when cooling period expires
  • Status Reset: Attempt counters reset upon automatic unblock
  • User Notification: System ready to accept new authentication attempts
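The attempt counter, lockout and cooling-period rules described above, as an added worked example; this is illustrative code written for this page, not the product's own implementation. The class and method names, the per-factor limits, the 5-minute base cooling period and the "double the cooling period on each consecutive lockout" rule are assumptions chosen for the demo. The clock is injectable so the automatic unblock can be exercised without waiting.

```python
import time
from dataclasses import dataclass, field

# Assumed defaults; the page states these are administrator-configurable.
DEFAULT_LIMITS = {"password": 5, "sms_otp": 3, "email_otp": 3}


@dataclass
class LockoutPolicy:
    max_attempts: dict = field(default_factory=lambda: dict(DEFAULT_LIMITS))
    base_cooldown: float = 300.0    # seconds for the first lockout (assumed)
    max_cooldown: float = 3600.0    # cap for the progressive increase (assumed)


@dataclass
class AccountState:
    attempts_left: dict               # separate counter per authentication factor
    locked_until: float = 0.0         # clock value at which the lockout ends; 0 = not locked
    consecutive_lockouts: int = 0     # drives the progressive cooling period


class AuthAttemptTracker:
    """Per-user, per-factor failure counters with lockout and automatic unblock."""

    def __init__(self, policy=None, clock=time.monotonic):
        self.policy = policy or LockoutPolicy()
        self.clock = clock            # injectable so tests can advance time
        self.accounts = {}

    def _state(self, user):
        if user not in self.accounts:
            self.accounts[user] = AccountState(attempts_left=dict(self.policy.max_attempts))
        return self.accounts[user]

    def lockout_remaining(self, user):
        """Seconds left in the cooling period, or 0.0 when not locked.
        Performs the automatic unblock (and counter reset) once the period has expired."""
        st = self._state(user)
        if st.locked_until == 0.0:
            return 0.0
        remaining = st.locked_until - self.clock()
        if remaining > 0:
            return remaining
        st.locked_until = 0.0                                   # automatic release
        st.attempts_left = dict(self.policy.max_attempts)       # status reset
        return 0.0

    def record_failure(self, user, factor):
        """Decrement the factor's counter. Returns ("retry", attempts_left) while
        attempts remain, or ("locked", seconds_remaining) once the account is locked."""
        st = self._state(user)
        if factor not in st.attempts_left:
            raise ValueError(f"unknown factor: {factor}")
        remaining = self.lockout_remaining(user)
        if remaining > 0:
            return ("locked", remaining)         # still cooling down: no counter change
        st.attempts_left[factor] -= 1
        if st.attempts_left[factor] > 0:
            return ("retry", st.attempts_left[factor])
        # Exhausted: lock for a cooling period that doubles on each consecutive lockout.
        cooldown = min(self.policy.base_cooldown * 2 ** st.consecutive_lockouts,
                       self.policy.max_cooldown)
        st.consecutive_lockouts += 1
        st.locked_until = self.clock() + cooldown
        return ("locked", cooldown)

    def record_success(self, user):
        """Successful authentication resets every counter and the lockout history."""
        self.accounts[user] = AccountState(attempts_left=dict(self.policy.max_attempts))


if __name__ == "__main__":
    now = [0.0]                                  # fake clock for the demo
    tracker = AuthAttemptTracker(LockoutPolicy(base_cooldown=60, max_cooldown=600),
                                 clock=lambda: now[0])
    for _ in range(5):
        print("password failure ->", tracker.record_failure("alice", "password"))
    print("sms failure while locked ->", tracker.record_failure("alice", "sms_otp"))
    now[0] += 61                                  # cooling period elapses
    print("after unblock ->", tracker.record_failure("alice", "password"))
```

Two points worth noticing: a lockout is checked before the counter is touched, so failed attempts during the cooling period neither shorten nor extend it, and the per-factor counters are reset together on unblock while the consecutive-lockout count is only cleared by a successful login, which is what makes the cooling period grow for an account that is locked out repeatedly.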

📧 Code Resend Functionality

🔄 SMS Code Resend

  • Availability: "Re-send SMS" option available if code not received
  • Rate Limiting: Prevents abuse through time delays between requests
  • User Guidance: Instructions for checking phone reception and SMS blocking

📮 Email Code Resend

  • Availability: "Re-send Email" option available if code not received
  • Rate Limiting: Time delays prevent spam and abuse
  • User Guidance: Instructions for checking spam folders and email delivery
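The resend flow for SMS and email codes, together with the code expiry from the failure table, as an added worked example; this is illustrative code written for this page, not the product's own implementation. The time-to-live, the minimum resend interval, the resend cap per login session, the 6-digit code format, and the rule that a resend replaces the earlier code are all assumptions. Delivery is an injected callback so the same class serves SMS and email, and the code itself is stored only as a keyed hash and compared in constant time.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class OtpPolicy:
    # Assumed values; the page states these are configurable.
    ttl: float = 300.0              # seconds a code stays valid
    resend_interval: float = 30.0   # minimum gap between resend requests
    max_resends: int = 3            # resends allowed per login session


@dataclass
class OtpSession:
    code_mac: bytes        # HMAC of the code; the plaintext code is never stored
    expires_at: float
    last_sent: float
    resends: int = 0


class OtpService:
    """Issues, resends and verifies one-time codes for one factor.
    `send(user, code)` is the delivery channel (SMS gateway, mail relay, ...)."""

    def __init__(self, policy=None, clock=time.monotonic, send=None):
        self.policy = policy or OtpPolicy()
        self.clock = clock                          # injectable for tests
        self.send = send or (lambda user, code: None)
        self.key = secrets.token_bytes(32)          # per-process key for the code HMAC
        self.sessions = {}

    def _mac(self, code):
        return hmac.new(self.key, code.encode(), hashlib.sha256).digest()

    def _deliver(self, user, prev=None):
        code = f"{secrets.randbelow(10**6):06d}"    # 6 digits, uniformly random
        now = self.clock()
        sess = OtpSession(self._mac(code), now + self.policy.ttl, now,
                          resends=0 if prev is None else prev.resends + 1)
        self.sessions[user] = sess                  # replaces, and so invalidates, any earlier code
        self.send(user, code)

    def issue(self, user):
        """Start a fresh OTP session, e.g. right after the password step succeeded."""
        self._deliver(user)
        return "sent"

    def resend(self, user):
        """Returns ("sent", 0.0), ("wait", seconds_until_allowed) while the resend
        interval has not elapsed, ("limit", 0.0) when the session's resend budget is
        used up, or ("no_session", 0.0)."""
        sess = self.sessions.get(user)
        if sess is None:
            return ("no_session", 0.0)
        wait = sess.last_sent + self.policy.resend_interval - self.clock()
        if wait > 0:
            return ("wait", wait)
        if sess.resends >= self.policy.max_resends:
            return ("limit", 0.0)
        self._deliver(user, prev=sess)
        return ("sent", 0.0)

    def verify(self, user, code):
        """Returns "ok", "expired" or "invalid". Codes are single-use: the session is
        dropped on success and on expiry, so the user must request a new code."""
        sess = self.sessions.get(user)
        if sess is None:
            return "invalid"
        if self.clock() > sess.expires_at:
            del self.sessions[user]
            return "expired"
        if not hmac.compare_digest(sess.code_mac, self._mac(code)):
            return "invalid"                        # feed this into the attempt counter
        del self.sessions[user]
        return "ok"


if __name__ == "__main__":
    outbox = []                                     # stands in for the SMS/email gateway
    now = [0.0]
    svc = OtpService(clock=lambda: now[0], send=lambda u, c: outbox.append(c))
    print(svc.issue("bob"), svc.resend("bob"))      # sent, then ("wait", 30.0)
    now[0] = 30.0
    print(svc.resend("bob"), svc.verify("bob", outbox[-1]))
```

The "wait" branch is what the UI turns into the delay shown on the "Re-send" button; the "limit" branch is the point at which the page's guidance (check spam folder, check phone reception, contact support) should be shown instead of another send, because further resends would only let an attacker-driven loop burn SMS or email volume against the victim's address.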

🎯 User Experience During Failures

📱 Clear Error Messaging

  • Specific Errors: Clear indication of which step failed (wrong code, expired code, locked account) without revealing whether an account, phone number or email address exists
  • Actionable Guidance: Instructions on how to resolve the issue
  • Retry Options: Clear paths for attempting authentication again
  • Support Information: Contact details for additional help

🔄 Recovery Options

  • Alternative Methods: Suggestion of different authentication factors if available
  • Account Recovery: Links to account recovery flows for persistent issues
  • Help Resources: Documentation and support contact information

📊 Failure Flow Diagram