Account Lockout Policy
To strengthen login security, Contentstack enforces an account lockout policy that prevents unauthorized access through repeated failed login attempts. This mechanism safeguards user accounts from brute-force attacks or credential guessing.
How Account Lockout Works
When a user enters incorrect login credentials consecutively, the account becomes temporarily locked for increasing durations based on the number of failed attempts. If unsuccessful attempts continue, the account gets locked indefinitely.
During the lockout period, login access is restricted. However, authorized users can still use the Forgot Password? option to reset their password and regain access.
| Failed Login Attempts | Lockout Duration |
| --- | --- |
| 1 to 4 attempts | 0 mins |
| 5th attempt | 5 mins |
| 6th attempt | 10 mins |
| 7th attempt | 15 mins |
| 8th attempt | 20 mins |
| 9th attempt | 25 mins |
| 10th attempt | Locked indefinitely |
Note: After the 10th failed attempt, the user account remains locked until manually reviewed. Reach out to your Contentstack organization admin or owner to get unlocked.
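The schedule in the table can be modelled as a small state machine. The Python below is an added example, not Contentstack's code; it assumes that attempts made during a lockout are rejected without being counted and that a successful login resets the failure counter, neither of which this page states.

```python
from dataclasses import dataclass
from typing import Optional

# Schedule from the table above: consecutive failure count -> lockout minutes.
LOCKOUT_MINUTES = {5: 5, 6: 10, 7: 15, 8: 20, 9: 25}
INDEFINITE_AT = 10  # 10th failure: locked until manually unlocked


@dataclass
class AccountState:
    failures: int = 0                     # consecutive failed attempts
    locked_until: Optional[float] = None  # expiry of a timed lock, in seconds
    locked_indefinitely: bool = False


def attempt_login(state: AccountState, password_ok: bool, now: float) -> str:
    """Apply one login attempt at time `now` (seconds) and return the outcome."""
    # Assumption: while locked, attempts are rejected before the password is
    # checked and do not advance the failure counter.
    if state.locked_indefinitely:
        return "locked_indefinitely"
    if state.locked_until is not None and now < state.locked_until:
        return "locked"
    state.locked_until = None
    if password_ok:
        state.failures = 0  # Assumption: success resets the counter.
        return "ok"
    state.failures += 1
    if state.failures >= INDEFINITE_AT:
        state.locked_indefinitely = True
        return "locked_indefinitely"
    minutes = LOCKOUT_MINUTES.get(state.failures, 0)  # 0 for attempts 1 to 4
    if minutes:
        state.locked_until = now + minutes * 60
    return "failed"


def admin_unlock(state: AccountState) -> None:
    """Manual unlock by an organization admin or owner: clear all lock state."""
    state.failures = 0
    state.locked_until = None
    state.locked_indefinitely = False


def simulate(events):
    """Replay constructed (seconds, password_ok) events on a fresh account."""
    state = AccountState()
    outcomes = [attempt_login(state, ok, t) for t, ok in events]
    return outcomes, state
```

Replaying a sequence of timestamps through `simulate` shows that a correct password is still refused while a timed lock is active, which is why the counter and the lock expiry have to be tracked separately.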
Unlock Users
Organization admins and owners can manually unlock users individually or in bulk.
To unlock users, log in to your Contentstack account and perform the following steps:
- Navigate to Administration > Users through “App Switcher”.
- Click the vertical ellipsis in the Action column next to the locked user, or select up to 10 users using the respective checkboxes.
- Click Unlock User.
- Review the selected users in the confirmation modal and click Continue or Proceed to restore access.

Note:
- The Unlock User option is not available for:
  - Users who are part of multiple Contentstack organizations
  - Org owners

  In both cases, contact Contentstack support to unlock the user.
- The Unlock User button appears only if all users selected in bulk are unlockable. If one or more selected users are ineligible (e.g., multi-org users, organization owners, or already unlocked users), the option will not be shown.
Best Practices
To avoid account lockouts, follow these best practices to ensure secure and uninterrupted access to your Contentstack account:
- Ensure login credentials are entered correctly
- Use a secure and updated password manager
- Reset your password promptly if forgotten
For additional security, enable Multi-Factor Authentication (MFA) to protect your account with an extra layer of verification.
