This is an archival post from my newsletter.

Account Lockout

“If you’re going to configure Account Lockout policies in a real-world environment, set the Account Lockout Threshold policy to something high like 50 or 100 invalid logon attempts.” – (via

I couldn’t agree more. I’ve dealt with many an overzealous IT administrator who thinks anything higher than 3 is a security risk. This is just incorrect when you look at real-world attacks and, more importantly, is poor policy from a user’s perspective.
