Account password lockout - how many failed attempts?

For SOC 2 compliance, we are trying to document Netlify password configuration. How many failed login attempts does Netlify allow you to have before an account lock-out? Can this quantity be determined by the system admin?

I don’t think there’s a limit. But I’ll try confirming.

This is what we heard back:

SOC2 doesn’t require an account lockout policy from individual vendors. It does require organizations undergoing SOC2 to have some sort of lockout tied to their corporate login. We probably do not lock out on failed login attempts, but customers worried about this should enable MFA, or consider upgrading their account to use SSO, which would tie the lockout policy to their corporate login.