
How InnoTech Helps Prevent Mass Account Lockouts

In light of a major bank in Vietnam launching its digital banking platform and receiving mixed feedback — particularly regarding login rules and account locks — let’s explore how these rules are designed and how InnoTech implements them for clients to ensure system security without causing frustration for users.

First, to log into any company’s trading system, a user must have a registered account and a corresponding password. Typically, incorrect login attempts will result in the account being locked, requiring the user to complete verification procedures to unlock it. For banks and securities companies, this often involves presenting identity documents at a branch.

The common login rule today is that an account will be locked after 5 incorrect password attempts. For securities accounts whose account numbers are only 6 digits long, it is very easy to write a program that sequentially tries all possible accounts, entering wrong passwords 5 times each. In just a few hours, all investor accounts could be locked, causing business disruption. To resume trading, customers must visit the branch to unlock accounts — which is not feasible for thousands of customers in a short time. Would investors want to go through this inconvenience and remain loyal?

Captcha was introduced to mitigate this issue. A Captcha is an image containing a code, which can be 5 letters, numbers, or a phrase arranged irregularly or intentionally distorted to make reading difficult. Studies show that human users have up to an 80% success rate entering Captchas correctly, whereas a computer without proper programming only has a 0.1% chance of success.

Can Captchas be bypassed? The answer is no, although professional programmers can sometimes devise algorithms to "break" a Captcha. To further reduce this risk, a waiting time should be enforced after each incorrect Captcha entry. Having a delay between failed attempts makes automated login attacks much more time-consuming and resource-intensive.

All InnoTech systems advised and deployed for clients include a login module that incorporates Captcha input and temporary account lockouts for a defined period. Configuring these parameters depends on each client’s requirements, but security layers like these are always recommended by InnoTech to ensure system safety and uninterrupted business operations for clients.
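The sketch below is an added example, not InnoTech's code. It shows how the three controls described above can fit together in one login check: the Captcha gate, the wait after a wrong Captcha, and a temporary lock that expires on its own. The class name, the parameter values and the choice to key the Captcha delay on the client are assumptions.

```python
import time

class LoginGuard:
    """Captcha gate + delay after a wrong Captcha + temporary account lock."""

    def __init__(self, max_failures=5, lock_seconds=900, captcha_delay=5,
                 clock=time.monotonic):
        # All three parameter values are assumptions; the article leaves them per client.
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.captcha_delay = captcha_delay
        self.clock = clock
        self.failures = {}       # account -> consecutive wrong passwords
        self.locked_until = {}   # account -> time the temporary lock expires
        self.wait_until = {}     # client (e.g. source address) -> end of Captcha delay

    def attempt(self, client, account, captcha_ok, password_ok):
        now = self.clock()
        if now < self.wait_until.get(client, 0):
            return "wait"                    # delay after a wrong Captcha still running
        if not captcha_ok:
            self.wait_until[client] = now + self.captcha_delay
            return "captcha_failed"          # password not checked, counter untouched
        if now < self.locked_until.get(account, 0):
            return "locked"                  # same answer whether or not the password is right
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= self.max_failures:
            self.locked_until[account] = now + self.lock_seconds
            del self.failures[account]
            return "locked"
        return "bad_password"


def demo():
    t = [0.0]                                # constructed fake clock for the walkthrough
    guard = LoginGuard(clock=lambda: t[0])
    out = []
    # Script that cannot solve the Captcha: never reaches the password counter.
    out.append(guard.attempt("client-a", "000001", False, False))
    out.append(guard.attempt("client-a", "000001", False, False))
    out.append(guard.failures.get("000001", 0))
    # A person who solves the Captcha but mistypes the password five times.
    out += [guard.attempt("client-b", "000001", True, False) for _ in range(5)]
    out.append(guard.attempt("client-b", "000001", True, True))   # still locked
    t[0] += guard.lock_seconds               # lock period passes, no branch visit needed
    out.append(guard.attempt("client-b", "000001", True, True))
    return out
```

Because the Captcha is checked before the password, failed Captcha submissions never move the per-account counter, and a lock that does occur clears after `lock_seconds` instead of requiring manual unlocking.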
