Move to data-driven decision making with my new NPS survey software.

All my readers receive 10% off for life with code: ian

account lockout

March 20, 2005

"If you're going to configure Account Lockout policies in a real-world environment, set the Account Lockout Threshold policy to something high like 50 or 100 invalid logon attempts." - (via

I couldn't agree more. I've dealt with many an overzealous IT administrator who thinks anything higher than 3 is a security risk. This is just incorrect when you look at real world attacks and more importantly is poor policy from a users perspective.

→ Share your thoughts with me on Twitter
Don't Miss My Critical Posts

I won't bother you with short posts or off topic musings. You'll also receive my ebook on enterprise sales for bootstrappers for free.