🔐 Phase 3 Security Update: MFA Enforcement & Account Lockout
We’re continuing to strengthen account protection across Upright Labs products as part of our ongoing security rollout. The next phase — MFA enforcement and account lockout controls —
will start rolling out today Thursday, November 20, 2025.
What’s Changing
Multi-Factor Authentication (MFA)
To add an extra layer of protection, all users will now be required to enable MFA via
Email
or an Authenticator App
.On the first login on or after November 20, you’ll be prompted to set up MFA using your preferred method:
- Email:Users can add an email to their account through their edit settings page.
- Authenticator App:Download a compatible app such as Google Authenticator, Microsoft Authenticator, or Authy.
For step-by-step setup instructions, see our updated How to Set Up Multi-Factor Authentication Help Article
Account Lockout & Access Control
To protect against repeated unauthorized login attempts:
- Accounts will lock after 5 failed login attempts.
- Rate limiting is enforced at 30 login attempts per hour per user/IP before a temporary block.
- Locked accounts will automatically unlock after 30 minutes or can be manually reset by an admin.
Login Risk Rating & Detection
We’re introducing a new risk-based system that analyzes:
- Geolocation: Detects logins from unexpected regions.
- Frequency: Flags repeated or rapid attempts.
- Device Fingerprinting: Identifies shared or suspicious device use.
If a login is flagged as high-risk, additional verification may be required. All risk events will be logged for auditing.
What to Expect
Beginning today, you’ll see new MFA prompts and stricter failed login controls. You may be temporarily locked out if you exceed these limits.
Need help or setup support? Contact support@uprightlabs.com — our team is ready to assist.
✅ Thank you for helping us maintain a secure and reliable platform for all users.