What happened?
If there is an attempt to sign in to your account by entering incorrect input sign-in factors 8 times continuously, we will temporary block sign-in from the browser tab where the attempt was made, and show this error message. The input sign-in factors can be any of the following:
- Incorrect passwords
- Incorrect OTPs (in case of SMS-based OTP, email-based OTP, or OTP authenticator)
- Incorrect backup verification codes
This block only stays in your browser tab until the page is refreshed. This is done to stop any attempt of brute force attack by hackers.
Brute force attack is a method hackers employ to gain access to your account, and it involves guessing and entering the input sign-in factors (passwords, OTPs, or backup verification codes) repeatedly in an automated manner until they get one eventually right. We restrict the maximum number of consecutive incorrect attempts to only 8 at a time, thereby reducing the possibility of a brute force attack succeeding.
How to resolve this issue
If you have entered incorrect passwords continuously and encountered this error, you can refresh your browser tab and try again with the correct password, as the block will be removed on refresh.
If you have forgotten your password, you can
reset it yourself if you have access to your recovery options. If you are unable to reset your password:
- Contact support@zohoaccounts.com if you are a personal user or an organization admin.
- Contact your administrator if you are an organization user.
How to prevent this in the future
- Create a strong password that only you know. You may forget your password if you keep on changing your password more often.
- Use Zoho Vault to store your passwords securely, so that you won't lose or forget them.
- Make sure you set up at least one recovery option for your account; either a recovery email address or a recovery mobile number.