Account Lockout Policy
The Role of Account Lockout Policy in Security
ARMENTA, GEROLAO, MALAPOTE
Three Options
1. Account Lockout Duration
This is the amount of time an account stays locked after someone tries to log in with the wrong password too many times.
2. Account Lockout Threshold
This is the number of incorrect login attempts allowed before the account is locked.
For example, if you set this to 3, the account will lock after three failed login attempts. If you set this to 0, the account won't lock at all, even if someone enters the wrong password repeatedly. This can be set anywhere from 0 (no lockout) to 999 attempts.
3. Reset Account Lockout Counter After
This option lets you decide how long the system waits before it "forgets" the failed login attempts.
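How the three options interact, as an added example that is not part of the original slides: a simplified Python model that replays a constructed sequence of login attempts against a policy. The class and function names are hypothetical, and measuring the reset window from the most recent failed attempt is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:
    threshold: int        # failed attempts before lockout; 0 = never lock
    duration_min: int     # minutes the account stays locked
    reset_after_min: int  # minutes before failed attempts are "forgotten"

    def __post_init__(self):
        if not 0 <= self.threshold <= 999:
            raise ValueError("threshold must be between 0 and 999")

@dataclass
class Account:
    policy: LockoutPolicy
    failures: int = 0
    last_failure: Optional[float] = None
    locked_at: Optional[float] = None

    def attempt(self, now: float, password_ok: bool) -> str:
        """Process one login at minute `now`; return 'ok', 'failed' or 'locked'."""
        p = self.policy
        if self.locked_at is not None:
            if now - self.locked_at < p.duration_min:
                return "locked"            # refused even with the right password
            self.locked_at, self.failures = None, 0   # lockout duration expired
        if password_ok:
            self.failures = 0
            return "ok"
        # Assumption: the reset window is measured from the last failed attempt.
        if self.last_failure is not None and now - self.last_failure >= p.reset_after_min:
            self.failures = 0
        self.failures += 1
        self.last_failure = now
        if p.threshold and self.failures >= p.threshold:
            self.locked_at = now           # this failure reached the threshold
            return "locked"
        return "failed"

def replay(policy: LockoutPolicy, events) -> list:
    """Feed (minute, password_ok) pairs to a fresh account; return the outcomes."""
    account = Account(policy)
    return [account.attempt(minute, ok) for minute, ok in events]

# Constructed sample input: (minute, password_ok)
EVENTS = [(0, False), (5, False), (25, False), (26, False), (27, False),
          (40, True), (57, True)]

if __name__ == "__main__":
    print(replay(LockoutPolicy(3, 30, 15), EVENTS))      # threshold 3
    print(replay(LockoutPolicy(0, 30, 15), EVENTS[:5]))  # threshold 0: no lockout
```

In the first replay the 20-minute pause before minute 25 clears the two earlier failures, so the lock only triggers at minute 27, and the correct password at minute 40 is still refused because the lockout duration has not run out.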
Advantages
Better Security
Stops Hackers: If someone is trying to guess your password by repeatedly entering wrong ones, the account will get locked after a few attempts. This makes it harder for hackers to break in.
Better Awareness
If your account gets locked, you know that something is wrong, and it can encourage you to change your password and protect your account.
Disadvantages
Impact on Users
Inconvenience for Users: A lockout can frustrate users who forget their passwords or mistype their credentials multiple times. This can lead to delays in accessing accounts and increased frustration, particularly if the user is locked out for an extended period.
Difficulty for Non-Technical Users: Non-technical users may struggle to understand the reason behind a lockout or how to resolve the issue, leading to confusion or helplessness.
Complexity in Configuration
Balancing Security with Usability: Setting the right number of failed attempts and lockout duration is difficult. Too many failed attempts might lock out legitimate users, while too few could allow attackers to bypass security measures.
False Positives: Some systems may lock out accounts even when there are no malicious attempts, such as when users enter incorrect passwords accidentally or use password managers with misconfigured entries.