@SeanWrightSec Yeah, plenty of that about, tho that's not so much an issue with temporary lockouts as the people who implement them - not that that's a distinction the user should have to care about. As you noted elsewhere tho, today it feels like a lazy solution used instead of adding 2FA