I'm not sure "good or bad ux" is the right way to frame it. This is a security issue first and foremost.
I think it's more about locking the account after 4 failed tries, and is this a good and effective security practice?
And if so, what industries and applications should embrace this approach, are there any possible affordances, and in what industries and applications is this overkill?
And, if not, what is a better or smarter approach for user authentication that is secure, more tolerant of user mistakes, and user friendly?
Further, it might depend on the platform. So, for example, there may be authentication methods that are better suited for mobile, which aren't possible on web and vice versa.
I'm not sure "good or bad ux" is the right way to frame it. This is a security issue first and foremost.
I think it's more about locking the account after 4 failed tries, and is this a good and effective security practice?
And if so, what industries and applications should embrace this approach, are there any possible affordances, and in what industries and applications is this overkill?
And, if not, what is a better or smarter approach for user authentication that is secure, more tolerant of user mistakes, and user friendly?
Further, it might depend on the platform. So, for example, there may be authentication methods that are better suited for mobile, which aren't possible on web and vice versa.