My account is locked — what to do

If you can't log in to Wevion, your account may be temporarily locked. Most lockouts are automatic (5+ failed login attempts) and expire after 15-30 minutes. If lockout persists: use password reset OR contact your admin / support. This is distinct from billing-related restrictions (see acc-118 billing troubleshooting) and 2FA issues (see tr-108 2FA recovery).

Who is this for

Anyone who tries to log in and sees "account locked" / "too many attempts" / "access denied" errors.

Common causes

1. Too many failed login attempts

Default: 5+ failed attempts within a short window triggers automatic lockout. Lockout duration: typically 15-30 minutes.

Fix: wait the lockout window, then try again with correct credentials.

If you forgot password: use the password reset flow (link on login page) instead of guessing.

2. Suspicious activity flagged

Login from unusual IP / device / geo may trigger security lockout.

Fix: check your email — Wevion typically sends a security alert with a verify link. Click to confirm it's you, OR contact admin if you didn't trigger it.

3. Admin manually locked your account

Workspace admin / owner can lock accounts (e.g. departing employee, security incident).

Fix: contact admin / owner. Account-lock is a deliberate action; only they can unlock.

4. Password reset flow in progress

Initiating password reset may temporarily lock the account until the reset email is acted on.

Fix: check email for reset link. Complete the reset OR cancel + retry.

5. Billing-related restriction

Distinct from "lockout": expired subscription, payment failure, or plan downgrade may restrict access (read-only OR blocked entirely).

Fix: see acc-118 billing troubleshooting.

How to recover

Step 1: Wait + retry

For attempt-based lockout: wait 15-30 minutes, try again. Use correct credentials (not guesses).

Step 2: Password reset

If unsure of password OR lockout persists:

1. On login page → Forgot password? link

2. Enter your email

3. Receive password reset email

4. Click reset link

5. Set new password

6. Log in

Backend: POST /api/v1/auth/forgot-password (BetterAuth flow). Email valid for ~24h typically.

Step 3: Check for security alerts

Look in your inbox + spam for emails from Wevion mentioning security / suspicious activity. May contain a verify link.

Step 4: Contact admin / support

If steps 1-3 don't work:

• Your workspace admin can unlock via admin UI (Super_admin / owner role required)

• Wevion support: see tr-110 contacting support

Provide:

• Your email

• Workspace name

• Last successful login (approx date)

• Error message exactly

Admin-side: unlock another user

Super_admin / owner can unlock a locked user:

• /settings → Team → Members

• Find the locked user

• Click Unlock OR Reset attempts

This clears the lockout counter. User can then log in normally.

For departed employees: don't just unlock — also remove their session via team-103 invite-manage-members.

2FA-locked situations

If you're locked because of 2FA issues (lost device, can't access codes):

→ see tr-108 2FA recovery. 2FA recovery is a separate flow from password reset.

Prevention

• Use a password manager — eliminates wrong-password attempts

• Set up 2FA (team-114) — but save backup codes safely

• Verify email + SMS — recovery options work better with verified contact info

• Multi-admin team — if you're a solo admin and lock yourself out, no one else can help via UI; consider adding a backup admin

Common mistakes

• Guessing password repeatedly: locks out instead of resetting. Use password reset early.

• Ignoring security alert email: may have legitimate verify link to unlock immediately

• Asking admin to unlock without telling them why: they may suspect compromise; explain context

• Confusing 2FA lock with password lock: different recovery flows — see tr-108 for 2FA

Common issues

• Lockout persists > 1 hour: likely admin-locked OR suspicious-activity flag. Contact admin.

• Password reset email never arrives: check spam; allowlist noreply@wevion.ai; if persistent, contact support

• Reset link expired: re-initiate password reset

• Account locked but you didn't try to log in: someone may have attempted; treat as security event — change password + check sessions

Related

• 2FA recovery — separate flow for 2FA issues

• Contacting support — when admin can't help

• 2FA setup — strengthen account security