Why do you have such a low threshold for locking the account and requiring password reset? I got one digit wrong in the memorable word and it said, "We've detected a number of failed login attempts to your KashFlow account. As a result we have locked your account." There were not a number of failed log-ins! There was one. I haven now reset my password, but this happens to me and others in our team every few weeks/months and it is frustrating and feels unnecessary. Could you reconsider the need to lock someone out after one failed log-in attempt, perhaps? I think two failed attempts makes more sense, especially if it is only one digit of the memorable word, as it is easy to miscount or mis-select from the drop-down digits.