My girlfriend is on a business trip in another country, and she was trying
to book herself a plane ticket back (her stay was longer than expected). She
tried to login to the travel company's web site, but she wasn't sure about
the username (picked by her company) and password (she has several), so she
failed the login 3 times. Without any notice, her account was blocked and
she was told to contact the admin/support tu unblock it. I don't know if
they have customer support available in weekends, but anyway now there is a
good chance she may have to book a later flight and spend another night or
two in the hotel. And it all happened in a few seconds.
Maybe this isn't a very common case, but still I was wondering: couldn't
such situations be avoided? Is security a good enough justification to block
a customer's account? How far should we go?