Microsoft says brute force attacks are one of the most common methods cybercriminals use to target the Windows operating system. In these attacks, the attacker uses trial and error to crack encryption and passwords. Microsoft Security says it is currently implementing tools that limit the number of attempts threat actors can make to hijack accounts.
In theory, attackers have an unlimited number of attempts to crack a password. If the password is weak, they will probably guess it. Proper security tools provide protection, but Microsoft wants to go further to protect Windows against brute force attacks.
According to the company, it is adding a local policy that allows IT administrators and security teams to configure Windows to automatically block brute force attempts. All you need is a Windows system that is still supported by Microsoft and receiving updates.
Microsoft says the new capability is rolling out starting October 11, 2022, in the Windows cumulative update packages for the October 2022 Patch Tuesday.
Admins need to enable the feature, which can be done by choosing the “Allow admin account lockout” policy under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policies in the local group policy editor.
In a support blog post, Microsoft also tells users that it is useful to enable the other options in the account lockout policy. These settings are Account Lockout Threshold, Account Lockout Duration, and Reset Account Lockout Counter.
Microsoft suggests using a 10/10/10 policy. Essentially, this means that Windows will automatically lock an account if there are 10 failed password attempts within a 10-minute period, then keep the account locked out for 10 minutes.
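To check a machine against the 10/10/10 recommendation, the settings can be exported with `secedit /export /cfg lockout.inf /areas SECURITYPOLICY` and compared with the baseline. The Python script below is an added example, not Microsoft's code and not part of the original article; it assumes the export key names shown in its comments (including `AllowAdministratorLockout` for the admin lockout policy), and both sample exports are constructed.

```python
import configparser

# Key names in the [System Access] section of a secedit export.
# Assumption: AllowAdministratorLockout is the key behind the
# "Allow admin account lockout" policy.
BASELINE = {
    "LockoutBadCount": 10,            # Account Lockout Threshold (attempts)
    "ResetLockoutCount": 10,          # Reset Account Lockout Counter (minutes)
    "LockoutDuration": 10,            # Account Lockout Duration (minutes)
    "AllowAdministratorLockout": 1,   # 1 = admin accounts can be locked out
}

def audit_lockout(inf_text):
    """Return {key: finding} for each setting that deviates from 10/10/10."""
    cfg = configparser.ConfigParser(strict=False, interpolation=None,
                                    allow_no_value=True)
    cfg.optionxform = str                       # keep exported key casing
    cfg.read_string(inf_text.lstrip("\ufeff"))  # exports may start with a BOM
    section = cfg["System Access"] if cfg.has_section("System Access") else {}
    findings = {}
    for key, want in BASELINE.items():
        raw = section.get(key)
        try:
            value = int(raw)
        except (TypeError, ValueError):
            findings[key] = "not set" if raw is None else f"unparseable value {raw!r}"
            continue
        if key == "LockoutBadCount" and value == 0:
            findings[key] = "0 disables account lockout"
        elif value != want:
            findings[key] = f"is {value}, baseline is {want}"
    return findings

# Constructed sample exports (not taken from a real host).
COMPLIANT = """[System Access]
LockoutBadCount = 10
ResetLockoutCount = 10
LockoutDuration = 10
AllowAdministratorLockout = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""
WEAK = (COMPLIANT.replace("LockoutBadCount = 10", "LockoutBadCount = 0")
                 .replace("AllowAdministratorLockout = 1\n", ""))

if __name__ == "__main__":
    for name, text in (("compliant", COMPLIANT), ("weak", WEAK)):
        print(name, audit_lockout(text) or "OK")
```

An empty result means the export matches the baseline; any other result names the setting to correct in the Account Lockout Policies node.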
People with new hardware running Windows 11 version 2022 will see the lockout policies enabled by default.