Tags: ruby-on-rails, authlogic, user-accounts, login-control, brute-force

How to recover a brute-force protected user account?


After a user has tried to log in more often than the consecutive_failed_logins_limit and brute-force protection has been enabled, what is the expected way to recover the account and reset the password? Does Authlogic expect manual resetting of the failed_login_count attribute in the users table by an administrator?


Solution

  • Use failed_login_ban_for in the user session model to set the number of hours the user should be banned for (the default value is 2 hours).

    Examples:

    • To ban for a day: failed_login_ban_for 24.hours
    • Permanent ban: failed_login_ban_for 0
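The configuration calls above (`failed_login_ban_for 24.hours`, `failed_login_ban_for 0`) go in the user session model in a real Authlogic app. To make the recovery behaviour they control concrete, the following is an added, stand-alone Ruby model of the lock/unlock logic: a counter of consecutive failures, a ban window in seconds, and a value of 0 meaning the ban never expires on its own so only an administrator clearing the counter recovers the account. It is not Authlogic's own code; the class, method names, and the limit of 50 are assumptions for illustration.

```ruby
# Added example: a stand-alone model of brute-force account locking with a
# temporary or permanent ban. Not Authlogic's code; names are assumptions.

# Minimal stand-in for a users row: only the columns relevant to the lock.
User = Struct.new(:login, :failed_login_count, :updated_at)

class BruteForceGuard
  DEFAULT_LIMIT = 50           # assumed value for illustration
  DEFAULT_BAN_FOR = 2 * 3600   # the answer above: default ban is 2 hours

  attr_reader :limit, :ban_for

  # ban_for is in seconds; 0 means the ban never expires on its own.
  def initialize(limit: DEFAULT_LIMIT, ban_for: DEFAULT_BAN_FOR)
    @limit = limit
    @ban_for = ban_for
  end

  # True while the account is locked: the counter has reached the limit and,
  # unless the ban is permanent, the ban window measured from the last
  # failure has not yet elapsed.
  def locked?(user, now = Time.now)
    return false if limit <= 0
    return false if user.failed_login_count < limit
    return true if ban_for <= 0
    user.updated_at.nil? || user.updated_at > now - ban_for
  end

  # Wrong password: bump the counter and timestamp the row.
  def record_failure!(user, now = Time.now)
    user.failed_login_count += 1
    user.updated_at = now
    user
  end

  # One login attempt. Returns :locked, :ok or :bad_password. Once a
  # temporary ban has lapsed the counter is cleared, so the user recovers
  # without administrator help; a permanent ban (ban_for 0) never lapses.
  def attempt(user, password_ok, now = Time.now)
    return :locked if locked?(user, now)
    user.failed_login_count = 0 if user.failed_login_count >= limit
    if password_ok
      user.failed_login_count = 0
      user.updated_at = now
      :ok
    else
      record_failure!(user, now)
      locked?(user, now) ? :locked : :bad_password
    end
  end

  # Administrator recovery: clear the counter directly, which is the only
  # way out of a permanent ban in this model.
  def admin_unlock!(user, now = Time.now)
    user.failed_login_count = 0
    user.updated_at = now
    user
  end
end

# Constructed scenario: limit 3, one-hour ban. Three bad passwords lock the
# account; the right password is refused inside the window and accepted
# after it. Returns the list of outcomes.
def temporary_ban_scenario
  t0 = Time.utc(2024, 1, 1, 0, 0, 0)
  guard = BruteForceGuard.new(limit: 3, ban_for: 3600)
  user = User.new("alice", 0, nil)
  results = []
  3.times { |i| results << guard.attempt(user, false, t0 + i) }
  results << guard.attempt(user, true, t0 + 10)    # inside the window
  results << guard.attempt(user, true, t0 + 3700)  # window has lapsed
  results
end

# Constructed scenario: limit 3, permanent ban. Days later the account is
# still locked; only admin_unlock! lets the correct password through.
def permanent_ban_scenario
  t0 = Time.utc(2024, 1, 1, 0, 0, 0)
  guard = BruteForceGuard.new(limit: 3, ban_for: 0)
  user = User.new("bob", 0, nil)
  3.times { |i| guard.attempt(user, false, t0 + i) }
  later = t0 + 10 * 24 * 3600
  still_locked = guard.attempt(user, true, later)
  guard.admin_unlock!(user, later)
  [still_locked, guard.attempt(user, true, later + 1)]
end
```

The two scenario functions show the two recovery paths the answer implies: with a non-zero ban the account frees itself once the window has passed since the last failure, and with `failed_login_ban_for 0` the failed_login_count must be cleared by an administrator, which is the manual reset the question asks about.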