By default, TimeGap Theory will lock the user account on the third wrong attempt. In order to successfully test our attack, we would need more than three browser windows. That kind of spoils the fun, doesn’t it? Let us reduce the maximum failed attempt to 1. This way, we just need two browser windows to test.