After inputting your password wrong a certain number of times, your account is temporarily locked for say 1 hour. After 1 hour and you input your password wrong a certain number of times. The account becomes locked for 24 hours. If the account has a recovery address. This address is emailed to inform the user, that someone is trying to login, but has inputted the password wrong. It will say " If you are the account holder who uses this email address, is advised to change the password, but you must prove that you are indeed the account holder, and are given options" This would temporarily override the account lockout for say 10 minutes.