Zenovay includes multiple layers of login security to protect your account from unauthorized access. This guide covers how these protections work and what to do if you notice suspicious activity.
Failed Login Protection
Zenovay protects against brute force attacks with automatic account lockout and network-level rate limiting.
Automatic Lockout
After 10 consecutive failed login attempts, your account is temporarily locked. You will see a warning when you have 1-2 attempts remaining.
Repeated lockouts result in progressively longer wait times:
| Lockout | Duration |
|---|---|
| 1st lockout | 5 minutes |
| 2nd lockout | 15 minutes |
| 3rd lockout | 30 minutes |
| 4th and beyond | 60 minutes |
Account lockout is enforced on the server side. Clearing your browser cookies or switching browsers will not reset the lockout counter.
Network-Level Rate Limiting
In addition to account lockout, Zenovay applies rate limiting at the network level. Rapid or automated login attempts from the same network are automatically slowed down or blocked before they reach your account. This provides an extra layer of defense against automated attacks and credential stuffing.
Unlocking Your Account
If your account is locked, you have three options:
- Wait for the lockout period to expire, then try again with the correct password
- Reset your password using the "Forgot password" link on the login page, which unlocks your account immediately
- Contact support at support@zenovay.com if you are still unable to access your account
Recognizing Suspicious Activity
Warning Signs
Watch for:
- Unexpected password reset emails you did not request
- Being logged out unexpectedly
- Changes to your account settings you did not make
- Email notifications about new logins from unfamiliar locations
What to Do If You Suspect Unauthorized Access
Change Your Password
Update to a new, strong password immediately. This will also sign out all other sessions.
Review MFA Settings
Ensure your MFA is properly configured. If you suspect your backup codes were compromised, regenerate them.
Check Account Settings
Review your profile, email address, and any changes made to your account or websites.
Contact Support
If you believe your account was compromised, contact support@zenovay.com immediately.
Security Recommendations
Protect Your Account
- Enable MFA: Use an authenticator app or security key for your second factor
- Use a strong, unique password: Do not reuse passwords from other services
- Keep your email secure: Your email is used for password resets and account recovery
- Log out on shared devices: Always sign out when using public or shared computers
- Monitor for phishing: Only log in through auth.zenovay.com or links you trust
Enterprise Audit Logging
Enterprise PlanEnterprise accounts have access to comprehensive audit logs that track:
- All authentication events
- Setting changes
- Data exports
- Team member actions
- API usage
- Admin actions
Enterprise audit logs can be exported for compliance and integrated with SIEM systems.
Next Steps
- Set up MFA if you have not already
- Manage your sessions
- Review security best practices