We've added a security layer on the member portal login side, where, the number of unsuccessful tries plays a major role.
It means that, on the portal, we'll be providing maximum number of 6 attempts where the user has to login successfully into the account. If the user has consecutively 6 login fail attempts, their account will either be blocked for 24 hours or they will have to reset the password.
If it's first or second attempt, you will be able to see an error message stating "Invalid email/password combination"
If it's a consecutive failure attempt after first and second, you will be able to see an error message stating "Invalid email/password combination. N Attempts Remaining." where N = Total attempts (6) - Current attempt
When it's a third consecutive unsuccessful attempt -
You will either need to wait for 24 hours to regain the new 6 attempts or have to reset the password.
In the case mentioned above, as the chain of consecutive 6 failed attempts is broken, then post the successful attempt, the user will again receive 6 attempts for the retry.