Expected Behavior
5 failed attempts -> user is locked out for next 30 seconds -> 1 more failed attempt -> user is locked out for next 60 seconds -> 1 more failed attempt -> user is locked out for next 2 minutes -> 1 more failed attempt -> user is locked out for next 4 minutes -> 1 more failed attempt -> user is locked out for next 8 minutes -> 1 more failed attempts -> user is locked out for next 15 minutes -> 1 more failed attempt -> user is locked out for next 15 minutes.
Actual Behavior
After keying in invalid user/pass for 7 attempts, message "Password attempts exceeded" is displayed but the user is able to login immediately after, without a wait period.
Expected Behavior 5 failed attempts -> user is locked out for next 30 seconds -> 1 more failed attempt -> user is locked out for next 60 seconds -> 1 more failed attempt -> user is locked out for next 2 minutes -> 1 more failed attempt -> user is locked out for next 4 minutes -> 1 more failed attempt -> user is locked out for next 8 minutes -> 1 more failed attempts -> user is locked out for next 15 minutes -> 1 more failed attempt -> user is locked out for next 15 minutes.
Actual Behavior After keying in invalid user/pass for 7 attempts, message "Password attempts exceeded" is displayed but the user is able to login immediately after, without a wait period.