Bỏ qua để đến nội dung
DOL Wiki

Password lock threshold and checkout minimum verified-contact policy

DomainsDOL EnglishProduct131 words1 min read
confirmedbyProduct Design

DEC-0057 - Password lock threshold and checkout minimum verified-contact policy

Phần tiêu đề “DEC-0057 - Password lock threshold and checkout minimum verified-contact policy”

Context

Phần tiêu đề “Context”

Security/recovery baseline existed, but exact lock threshold and checkout contact requirement still needed final values to avoid UX and support ambiguity.

Decision

Phần tiêu đề “Decision”

Password-failure lock:

  • Lock account login for 15 minutes after 5 consecutive failed password attempts.
  • During lock window, allow OTP unlock path for early recovery.

Checkout minimum verified contact:

  • Require at least one verified recoverable contact before payment completion.
  • Accepted minimum: verified email OR verified phone.
  • Do not require both channels.

Decision Value

Phần tiêu đề “Decision Value”
  • Gives clear, enforceable lock threshold with recoverable path.
  • Reduces checkout failure caused by over-strict contact requirements.

Rationale

Phần tiêu đề “Rationale”

The policy balances account protection and conversion: strict enough to slow abuse, but flexible enough to keep legitimate users moving through payment.