An account lockout policy is put in place to lock an account after a predetermined number of failed login attempts. This mitigates the risk of password spraying attacks, which rely on trying a few common passwords against many accounts. By limiting the number of attempts, it becomes less feasible for an attacker to guess passwords across multiple accounts without triggering the account lockout policy.
Learn More
AI Generated Content may display inaccurate information, always double-check anything important.
What is a password spraying attack?
How does an account lockout policy work?
What are the benefits of implementing an account lockout policy?