Account Lockout Policy

Account Lockout Policy is a security feature that protects accounts from unauthorized access. If a user repeatedly enters the wrong password and exceeds the maximum allowed number of failed login attempts, the user account is temporarily locked so that no further attempts can be made until the lockout ends.

It significantly increases the security of user accounts and of the organization as a whole, and reduces the risk of password-guessing attacks such as brute force. Note that the same mechanism can be turned against legitimate users: an attacker who deliberately fails logins against a known username can lock that user out, so the attempt threshold and the blocking period should be tuned against the organization's tolerance for that, and lockouts should be monitored rather than treated as routine.

With Account Lockout Policy, you can:

  • Configure the policy according to the organization’s needs, limiting failed login attempts to prevent unauthorized access.
  • Set how long a locked-out user must wait before attempting to log in again.
  • Adjust the strictness of the policy (the attempt threshold and the blocking period), if necessary.
  • Manually authorize a locked-out user to log in again before the lockout period ends, for exceptional cases.
  • Monitor unauthorized access attempts and take the necessary actions.

Implementation


Main configurations

Status

You can set the Account Lockout Policy status to either active or inactive. By default, the feature is inactive, so no lockout is enforced until you activate it.

Go to Configuring Account Lockout Policy guide

Maximum Attempts

In this field, you can set the maximum number of failed login attempts allowed before the account is locked. The default value is 3 attempts.

Blocking Period

The blocking period is how long a user account remains locked after reaching the maximum number of failed login attempts. During this period, the user can’t attempt to log in again, even with the correct password, which is what stops an attacker from continuing to guess.

By default, the blocking period is 1440 minutes (24 hours).

Logs

Account Lockout Policy generates logs including information about the failed login attempts and account lockouts. With these logs, you can monitor security events, identify potential threats, and troubleshoot issues related to user account access.

Go to Checking Account Lockout Policy logs guide

Unlocking users

For exceptional cases, the Account Owner can manually unlock a locked user before the blocking period ends, using the Account Lockout Policy logs to identify the lockout.

Go to Unlocking users guide
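The following is an added example, written for this page and not the platform's own implementation, that shows how the main configurations above (status, maximum attempts, blocking period), the logs, and manual unlocking fit together in one enforcement loop. The class and field names, the log record layout, and the password-check callback are assumptions for illustration; the defaults (inactive, 3 attempts, 1440 minutes) are the ones stated on this page. One deliberate design choice is visible in `login`: while an account is locked, the password is never checked at all, so a locked attacker learns nothing, and the lock counter is reset only on success, on expiry, or on a manual unlock.

```python
"""Illustrative account lockout enforcement (added example, not the product's code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional


@dataclass
class LockoutPolicy:
    active: bool = False          # page default: the feature starts inactive
    max_attempts: int = 3         # page default: failed attempts before lockout
    blocking_period_min: int = 1440  # page default: 24 hours, in minutes


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None


class LockoutEnforcer:
    """Tracks failed logins per username and applies the policy (hypothetical API)."""

    def __init__(self, policy: LockoutPolicy,
                 verify_password: Callable[[str, str], bool],
                 now: Optional[Callable[[], datetime]] = None):
        self.policy = policy
        self.verify = verify_password          # assumed callback: (username, password) -> bool
        self.states: Dict[str, AccountState] = {}
        self.logs: List[dict] = []             # assumed log record layout, see _log
        self.now = now or (lambda: datetime.now(timezone.utc))

    def _log(self, event: str, username: str, **extra) -> None:
        self.logs.append({"time": self.now().isoformat(), "event": event,
                          "username": username, **extra})

    def is_locked(self, username: str) -> bool:
        st = self.states.get(username)
        if st is None or st.locked_until is None:
            return False
        if self.now() >= st.locked_until:
            # Blocking period has elapsed: clear the lock and the counter.
            st.locked_until = None
            st.failed_attempts = 0
            self._log("lock_expired", username)
            return False
        return True

    def login(self, username: str, password: str) -> str:
        """Returns "ok", "denied" (wrong password) or "locked"."""
        if self.policy.active and self.is_locked(username):
            # Do not evaluate the password while locked: the attacker learns nothing.
            self._log("login_rejected_locked", username)
            return "locked"
        st = self.states.setdefault(username, AccountState())
        if self.verify(username, password):
            st.failed_attempts = 0
            self._log("login_success", username)
            return "ok"
        st.failed_attempts += 1
        self._log("login_failed", username, failed_attempts=st.failed_attempts)
        if self.policy.active and st.failed_attempts >= self.policy.max_attempts:
            st.locked_until = self.now() + timedelta(minutes=self.policy.blocking_period_min)
            self._log("account_locked", username, locked_until=st.locked_until.isoformat())
            return "locked"
        return "denied"

    def unlock(self, username: str, actor: str) -> bool:
        """Manual unlock before the blocking period ends (the Account Owner's action)."""
        st = self.states.get(username)
        if st is None or st.locked_until is None:
            return False
        st.locked_until = None
        st.failed_attempts = 0
        self._log("manual_unlock", username, actor=actor)
        return True


def demo_lockout_and_expiry():
    """Constructed scenario: three wrong passwords, then the right one, then expiry."""
    clock = {"t": datetime(2024, 1, 1, tzinfo=timezone.utc)}   # constructed fake clock
    users = {"alice": "correct horse"}                          # constructed credential store
    enf = LockoutEnforcer(LockoutPolicy(active=True),
                          lambda u, p: users.get(u) == p, now=lambda: clock["t"])
    results = [enf.login("alice", "wrong") for _ in range(3)]   # denied, denied, locked
    results.append(enf.login("alice", "correct horse"))         # locked: right password still rejected
    clock["t"] += timedelta(minutes=1440)                       # blocking period elapses
    results.append(enf.login("alice", "correct horse"))         # ok
    return results, [e["event"] for e in enf.logs]


def demo_manual_unlock():
    """Constructed scenario: the Account Owner unlocks a user before the period ends."""
    users = {"bob": "pw"}
    enf = LockoutEnforcer(LockoutPolicy(active=True), lambda u, p: users.get(u) == p)
    for _ in range(3):
        last = enf.login("bob", "nope")
    unlocked = enf.unlock("bob", actor="account-owner")
    after = enf.login("bob", "pw")
    again = enf.unlock("bob", actor="account-owner")   # nothing left to unlock
    return last, unlocked, after, again


if __name__ == "__main__":
    print(demo_lockout_and_expiry())
    print(demo_manual_unlock())
```

The log events this produces (`login_failed`, `account_locked`, `login_rejected_locked`, `lock_expired`, `manual_unlock`) are the ones worth alerting on: a burst of `account_locked` across many usernames is a password-spraying signal, and a `manual_unlock` should always be traceable to a named actor.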
