An incorrect password can be entered up to six times before the system implements a lockout. Once triggered, the account will remain locked for 30 minutes, or until a Plex administrator manually intervenes to unlock it.
If there is another failed login attempt after the lockout is cleared, it will trigger another 30-minute lockout. Failed login attempts to have no expiration and are cleared only upon a successful login.
Please note the following details:
- These changes affect only the Plex IdP. For accounts that have been federated to use Azure AD or Okta, the policies defined in those systems will dictate login behavior.
- The number of sequential failed attempts that trigger a lockout is 6. There is no time period in between any sequential attempts that would clear the failed attempts (so 3 failed attempts on one day followed sequentially by 3 failed attempts the second day would trigger a lockout).
- A successful login resets the sequential failed attempts count to zero.
- A locked IAM account will remain so for 30 minutes. IAM administrators can unlock an IAM account earlier than this 30 minute period if desired.
- The Access Log screen will show IAM account locked and unlocked actions.