Account lockout

Updated: 04/26/2017 by Computer Hope

Security feature used with operating systems and services with a login that locks any account that has failed a login attempt more than a set parameter. For example, a system could be set up to lock an account for one hour if the user fails the login five times in ten minutes. Account lockout keeps the account secure by preventing anyone or anything from guessing the username and password. When your account is locked, you must wait the set amount of time before being able to log into your account again. In the picture below of the Windows XP GPO, is an example of where this policy can be set up in Windows.

Windows account lockout

In the above example image, are three default policies. The Account lockout duration allows you to specify how many minutes the account remains locked once triggered. The Account lockout threshold allows you to specify how many invalid logins can occur before locking the account. Finally, the Reset account lockout counter after specifies the length in minutes the counter will reset if there have been no failed attempts. A good setting for most users is 60, 10, and 30.

Login, Security terms