An enterprise may offer a variety of services to a user. Some of these services may require the authentication of user credentials before access is granted to the services. To prevent a malicious entity from guessing the correct user credentials, an enterprise may limit the number of incorrect attempts at authentication to a specific number. However, this may lead to freezing out a user, from a user account, that made honest mistakes when entering credentials.