Account lockout

A security feature, used by operating systems and services with a login, that locks any account that has failed a login attempt more times than a set limit. For example, a system could be set up to lock an account for one hour if the user fails the login five times in a ten-minute time frame. This keeps the account secure by preventing anyone or anything from guessing the username and password. If your account is locked, you must wait the set amount of time before being able to log into your account again. The picture below of the Windows XP GPO shows an example of where this policy can be set up in Windows.

Windows account lockout

The example image above shows three default policies. Account lockout duration specifies how many minutes the account remains locked once triggered. Account lockout threshold specifies how many invalid logins can occur before the account is locked. Finally, Reset account lockout counter after specifies the number of minutes after which the counter resets if there have been no failed attempts. A good setting for most users is 60, 10, and 30.
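
The following added example (not part of the original page, and not Windows' own implementation) models how the three settings interact, using the "five failures, one-hour lock" case from the definition. The names LockoutPolicy, AccountState, attempt and replay are hypothetical, the events are constructed, and the model assumes the counter resets after a quiet period with no failed attempts, as described above.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:
    threshold: int        # invalid logins before the account locks
    duration_min: int     # minutes the account stays locked
    reset_after_min: int  # quiet minutes before the counter resets

@dataclass
class AccountState:
    failures: int = 0
    last_failure: Optional[int] = None
    locked_until: Optional[int] = None

def attempt(state, policy, success, now_min):
    """Apply one login attempt at minute now_min; return 'ok', 'failed' or 'locked'."""
    if state.locked_until is not None:
        if now_min < state.locked_until:
            return "locked"              # refused even with the right password
        state.locked_until = None        # lockout duration has elapsed
        state.failures = 0
    quiet = (state.last_failure is not None
             and now_min - state.last_failure >= policy.reset_after_min)
    if quiet:
        state.failures = 0               # counter reset after a quiet period
    if success:
        state.failures = 0
        return "ok"
    state.failures += 1
    state.last_failure = now_min
    if state.failures >= policy.threshold:
        state.locked_until = now_min + policy.duration_min
        return "locked"
    return "failed"

def replay(events, policy):
    """Run (minute, success) events for one account; return each outcome."""
    state = AccountState()
    return [attempt(state, policy, ok, minute) for minute, ok in events]

# Constructed sample input: lock for 60 minutes after 5 failures, 10-minute reset.
POLICY = LockoutPolicy(threshold=5, duration_min=60, reset_after_min=10)
BURST = [(0, False), (1, False), (2, False), (3, False), (4, False),
         (30, True), (64, True)]   # correct password at minute 30 is still refused
SLOW = [(0, False), (2, False), (4, False), (6, False), (20, False)]

if __name__ == "__main__":
    print(replay(BURST, POLICY))
    print(replay(SLOW, POLICY))
```

The second sequence never locks because the 14-minute gap resets the counter, which is why the reset interval and failed-login monitoring need to be reviewed together with the threshold.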

Also see: Login, Security terms