The unlock self-service allows end-users that have been locked out because of too many login failures to unlock the user account by providing the 2nd authentication factor. The user can then try to log in again.
The self-service can only be used a limited amount of times before the account is locked in a way that it can no longer be unlocked by the end-user.
As an alternative to unlocking, the user can be given the possibility to order a new password letter.
The unlock self-service has been shown to substantially reduce help desk calls arising from forgotten passwords.
Username enumeration (stealth mode).
The unlock self-service may provide information about the existence of user accounts. An adversary may use it to find user accounts.