Bruteforce Detection

Whats the difference between
Q1. Wait Increment and Max Wait ? Please advise.

Q2. Why is the login error message is showing as “Invalid credentials” though my account was temporarily disabled/locked, I am expecting something more meaningful message like, your account was temporary locked/disabled. Can we achieve this ? Please advise.


Better defs in the docs:

Wait Increment: The time added to the time a user is temporarily disabled when the user’s login attempts exceed Max Login Failures.

Max Wait: The maximum time a user is temporarily disabled.

The error message shows “Invalid credentials” as it is a security practice not to let a user know they have been temporarily disabled if the account is under attack