JB Product
← Back

What Our Security Logs Revealed About a Product Problem

Published on June 17, 2026·2 min read·Lire en français

Share:X / TwitterLinkedIn

It Started With Slack Alerts

Security logs

For several months, we kept receiving alerts automatically raised from our logs:

  • too many login attempts;
  • temporarily locked accounts;
  • password resets.

Taken individually, these events seemed anecdotal.

But their frequency eventually caught my attention.

The Context: A Deliberate Product Choice

At Marion Livraison, we made the choice of having a single account per company.

This choice simplifies:

  • onboarding;
  • billing;
  • administration.

Several employees therefore use the same credentials.

It was a deliberate trade-off.

The Problem Wasn't the Login

By analyzing the alerts, we uncovered a recurring scenario.

An employee forgets the password.

They reset it.

The other employees keep using the old password.

The attempts fail.

The system triggers the brute-force protection mechanism.

The account gets temporarily locked.

The problem wasn't authentication.

The problem was managing a shared secret.

The Perfect Solution Was Disproportionate

We could have built:

  • individual accounts;
  • roles;
  • access administration.

But that would have added significant complexity for a problem that was, in the end, well understood.

So we chose a more pragmatic solution.

Reducing the Frequency of Friction

We added an option:

Remember me for 30 days on this device.

Available for monthly-billed business accounts.

The goal wasn't to eliminate the problem entirely.

The goal was to reduce the number of situations where users had to re-enter a shared password.

Fewer logins.
Fewer resets.
Fewer locked accounts.

What I Take Away From This

Not every product problem is found in user interviews.

Some show up in logs.

Others in support tickets.

Others still in technical alerts.

The role of a Product Manager often consists of connecting these weak signals to understand what they actually reveal.

In our case, repeated security alerts were hiding a friction point tied to a deliberate product choice.

The right answer wasn't to question that choice.

It was to reduce its side effects.

Comments