Account Temporarily Locked

Why it happens and what to do

Overview

After several failed sign-in attempts, Heimlane Vault temporarily locks your account to stop an automated attack trying to guess your master password. Your vault and data are safe - the lock prevented the attempts, it did not expose anything. The lock clears by itself; you usually don’t need to do anything, though you will receive email alerts because of the suspicious activity - someone or something really did try to access your account, and that deserves your attention.

Heimlane is zero-knowledge: we cannot see your passwords or reset them, and we have no access to your vault contents. This protection is based only on sign-in metadata, never on what’s in your vault.

What happened

Your account had repeated failed sign-ins in a short window, so per-account lock protection paused sign-ins for a short cooldown. This is separate from, and in addition to, the per-IP blocking that stops a single address from hammering the login. The lock is temporary and fully reversible.

If this was you

You were probably just mistyping your master password - it happens, especially under pressure. Nothing is wrong.

  1. Wait for the automatic unlock. The exact time is in the lock email we sent you. The account then reopens on its own.
  2. Or unlock early. For the first few locks, the email includes an Unlock my Vault account now button that ends the cooldown immediately.
  3. Sign in as usual. Unlocking only lifts the timer - you still need your master password and two-factor authentication.
  4. Forgot your master password? Use the password hint option on the sign-in page.

Unlocking never signs you in by itself and never reveals your vault. It only ends the waiting period early.

If this was not you

The lock did its job and blocked the attempts, so there is no emergency. But if you believe someone knows your email and is trying to guess your master password:

  1. Sign in to your web vault.
  2. Go to Settings > Master password and set a new one.

Changing your master password is only worth doing if you suspect a real guessing attempt - not just because the lock happened.

How long does the lock last?

Durations escalate with repeated locks - a few minutes at first, then longer if attempts continue - and reset over time once things are quiet. This makes a sustained attack progressively harder while keeping an accidental lockout short.

Adjusting your protection level

You can tune this in your web vault under Settings > Danger Zone > Account Lock Protection:

  • Default (recommended) - a balance of protection and convenience.
  • Relaxed - locks later and for less time.
  • Strict - locks sooner and for longer.
  • Disabled (not recommended) - no account locking. Other security measures still apply.

Lowering the protection asks for your master password.

Still need help?

If you have questions, you can reach us at support@heimlane.com.