More Win11/10 devices get brute-force protection
In every field there are techniques that win through sheer force rather than finesse, and brute-force cracking in network security is a typical example.
Brute-force cracking means that an attacker tries an account's password by exhaustive enumeration. With enough computing power, this can succeed when no appropriate security measures are in place to defend against it.
To deal with this problem, Microsoft has added a new local group policy that enables lockout of the device administrator account, starting with all Windows cumulative updates after Oct. 11.
With the default settings, once the group policy is turned on, 10 failed attempts to unlock the administrator account within 10 minutes lock the account for 10 minutes, after which it is automatically unlocked.
This effectively increases the difficulty and time cost of brute-force password cracking for an attacker and improves the security of the device.
It is reported that this feature will be enabled by default on any device that receives Windows cumulative updates pushed out after October 11. Users can also find it in the Local Group Policy Editor under Local Computer Policy/Computer Configuration/Windows Settings/Security Settings, and can manually enable the "Allow Administrator account lockout" policy in the Local Computer Policy/Account Policies/Account Lockout Policies path.
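To confirm that a device actually has the settings described above, the following added example (not from the article or from Microsoft) exports the local security policy with secedit and compares the four lockout values against the article's defaults. AllowAdministratorLockout, LockoutBadCount, ResetLockoutCount and LockoutDuration are the key names secedit writes in the [System Access] section of its export; the temporary file name is an arbitrary choice.

```powershell
# Added example: audit the local account lockout policy against the defaults
# described in the article (10 failed attempts / 10 minutes / 10-minute lock).
# Run from an elevated PowerShell prompt; secedit needs administrator rights.

$expected = [ordered]@{
    AllowAdministratorLockout = 1    # "Allow Administrator account lockout" enabled
    LockoutBadCount           = 10   # failed attempts before lockout
    ResetLockoutCount         = 10   # minutes before the failure counter resets
    LockoutDuration           = 10   # minutes the account stays locked
}

$cfg = Join-Path $env:TEMP ("lockout-{0}.inf" -f [guid]::NewGuid())
try {
    secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit $LASTEXITCODE)" }

    # The export is an INF file; collect "Name = Value" pairs from [System Access].
    $actual = @{}
    $inSection = $false
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'System Access')
            continue
        }
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') {
            $actual[$Matches[1]] = $Matches[2]
        }
    }
}
finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}

# One row per setting; a key missing from the export is reported as not set.
$report = foreach ($name in $expected.Keys) {
    $value = $actual[$name]
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = if ($null -eq $value) { '(not set)' } else { $value }
        Match    = ($null -ne $value) -and ([int]$value -eq $expected[$name])
    }
}
$report | Format-Table -AutoSize
```

A row with Match = False on AllowAdministratorLockout means the administrator account is still exempt from lockout even if the threshold and duration values are set.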
Of course, defending against brute-force cracking takes more than system-level restrictions: users should also pay attention to setting more complex passwords, which effectively reduces the probability that brute-force cracking succeeds.