Zenovay includes multiple layers of login security to protect your account from unauthorized access. This guide covers how these protections work and what to do if you notice suspicious activity.
Failed Login Protection
Zenovay protects against brute force attacks with automatic account lockout and network-level rate limiting.
Automatic Lockout
After 10 consecutive failed login attempts, your account is temporarily locked. You will see a warning once you have 3 or fewer attempts remaining.
Repeated lockouts result in progressively longer wait times:
| Lockout | Duration |
|---|---|
| 1st lockout | 5 minutes |
| 2nd lockout | 15 minutes |
| 3rd lockout | 30 minutes |
| 4th and beyond | 60 minutes |
Account lockout is enforced on the server side. Clearing your browser cookies or switching browsers will not reset the lockout counter.
Network-Level Rate Limiting
In addition to account lockout, Zenovay applies rate limiting at the network level. Rapid or automated login attempts from the same network are automatically slowed down or blocked before they reach your account. This provides an extra layer of defense against automated attacks and credential stuffing.
Unlocking Your Account
If your account is locked, you have these options:
- Wait for the lockout period to expire, then try again with the correct password. The lockout clears automatically once the wait time is up.
- Reset your password using the "Forgot password" link on the login page. This is the right move if you no longer remember your password or suspect your credentials were compromised. Note that resetting the password does not skip an active lockout — once the lockout period has passed, sign in with your new password.
- Contact support at [email protected] if you are still unable to access your account
Recognizing Suspicious Activity
Warning Signs
Watch for:
- Unexpected password reset emails you did not request
- Being logged out unexpectedly
- Changes to your account settings you did not make
- Email notifications about new logins from unfamiliar locations
What to Do If You Suspect Unauthorized Access
Change Your Password
Update to a new, strong password immediately. This will also sign out all other sessions.
Review MFA Settings
Ensure your MFA is properly configured. If you suspect your backup codes were compromised, regenerate them.
Check Account Settings
Review your profile, email address, and any changes made to your account or websites.
Contact Support
If you believe your account was compromised, contact [email protected] immediately.
Security Recommendations
Protect Your Account
- Enable MFA: Use an authenticator app or security key for your second factor
- Use a strong, unique password: Do not reuse passwords from other services
- Keep your email secure: Your email is used for password resets and account recovery
- Log out on shared devices: Always sign out when using public or shared computers
- Monitor for phishing: Only log in through auth.zenovay.com or links you trust
Advanced Audit Logging
Scale PlanScale and Enterprise plans include an advanced audit log that tracks:
- All authentication events
- Setting changes
- Data exports
- Team member actions
- API usage
- Admin actions
Advanced audit logs can be exported for compliance and integrated with SIEM systems.
Next Steps
- Set up MFA if you have not already
- Manage your sessions
- Review security best practices