
Automated brute-force attack blocking added to Windows

With the October 2022 cumulative updates, Microsoft has added a toggle for automated lockouts of administrator accounts on Windows systems in a bid to curb brute-force attacks, reports BleepingComputer. The lockout policy arrives nearly three months after Microsoft Vice President for Enterprise and OS Security David Weston announced that the feature, which locks user and admin accounts for 10 minutes after 10 failed attempts to sign in within 10 minutes, has been enabled by default on the newest builds of Windows 11. "Beginning with the October 11, 2022 or later Windows cumulative updates, a local policy will be available to enable local administrator account lockouts," said Microsoft. Microsoft also now requires local administrator accounts to use passwords with "at least three of the four basic character types (lower case, upper case, numbers, and symbols)", adding complexity to further prevent brute-force attacks.
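One way to check a host against the 10/10/10 lockout values described above, as an added example that is not from the article or from Microsoft. It assumes the local policy was exported with `secedit /export /cfg policy.inf` and uses the `[System Access]` key names of that export; treating stricter values as passing and an absent administrator-lockout key as disabled are assumptions.

```python
BASELINE_ATTEMPTS = 10  # failed sign-ins before lockout, per the article
BASELINE_MINUTES = 10   # lock duration and counting window, per the article

# Constructed sample of a `secedit /export` file; not taken from a real host.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
LockoutBadCount = 50
ResetLockoutCount = 5
LockoutDuration = 5
AllowAdministratorLockout = 0
"""

def parse_system_access(inf_text):
    """Return the integer settings from the [System Access] section."""
    settings, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "System Access" and "=" in line:
            key, _, value = line.partition("=")
            try:
                settings[key.strip()] = int(value)
            except ValueError:
                pass  # quoted strings such as account names are not audited
    return settings

def audit(inf_text):
    """Return the names of lockout settings weaker than the article's values."""
    s = parse_system_access(inf_text)
    weak = []
    threshold = s.get("LockoutBadCount", 0)  # 0 or absent: accounts never lock
    if threshold == 0 or threshold > BASELINE_ATTEMPTS:
        weak.append("LockoutBadCount")
    if threshold != 0:  # window and duration only apply once a threshold is set
        if s.get("ResetLockoutCount", 0) < BASELINE_MINUTES:
            weak.append("ResetLockoutCount")
        duration = s.get("LockoutDuration", 0)
        if duration != -1 and duration < BASELINE_MINUTES:  # -1: admin must unlock
            weak.append("LockoutDuration")
    if s.get("AllowAdministratorLockout", 0) != 1:  # assumption: absent = disabled
        weak.append("AllowAdministratorLockout")
    return weak

if __name__ == "__main__":
    for name in audit(SAMPLE_INF):
        print(f"weaker than baseline: {name}")
```
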
