account lockout policy – Password Recovery
https://www.top-password.com/blog
Provide useful password recovery tricks, guides and software
Mon, 22 Jul 2013 07:37:51 +0000

Account Lockout Policy Not Working for New Sign-in Options in Windows 8
https://www.top-password.com/blog/account-lockout-policy-not-working-for-new-sign-in-options-in-windows-8/
Mon, 22 Jul 2013 07:35:52 +0000

One of the changes in Windows 8 that draws the most attention is the sign-in options. Windows 8 allows you to log on using a Microsoft account, a four-digit PIN or a picture password as alternate sign-in options to the conventional text password. However, I discovered that the Account Lockout policy is not working for the new sign-in options.

I set the number of logon attempts allowed before the system locks the account, and specified the Account Lockout duration, using the Local Security Policy Editor in Windows 8.

[Image: account-lockout]

After enabling the account lockout policy, I restart the system. When it boots to the Windows 8 logon screen, I intentionally try several wrong passwords with my Microsoft account; Windows keeps saying the password is incorrect but never locks my Microsoft account, and I can then immediately log into the system using the correct password. The same thing happens with the PIN code and picture password.

I think this is a great security hole or bug in the Windows 8 operating system. Account Lockout policy is designed to disable a user account if an incorrect password is entered a specified number of times over a specified period. It helps you prevent attackers from guessing users’ passwords and decreases the likelihood of successful attacks on your network.

So I think it’s more secure to use a traditional text password than the new sign-in options: Microsoft account, four-digit PIN and picture password.

How to Make Your Windows Login Password More Secure
https://www.top-password.com/blog/how-to-make-your-windows-login-password-more-secure/
Sat, 16 Jun 2012 07:13:29 +0000

When it comes to computer data security, people rely on passwords as the first line of defense. While it is recommended that you choose passwords that mix letters, digits and symbols, it is also good practice to change them from time to time.

If you use password protection to log on to your Windows machine, you can set rules and standards that change the default behavior and strengthen the protection policies. Let us see how to do this and check out the available options.

Part 1: Enable Password Policy

Navigate to your Control Panel and launch Administrative Tools. Be sure that you are logged in as an administrator so that you are able to make changes. Within Administrative Tools you will find an option named Local Security Policy.

Next, open Local Security Policy (double click) and navigate to Security Settings -> Account Policies -> Password Policy in the navigation pane on the left.

Now, if you look on the right side, you will find a list of policies and their associated security settings. These are basically flags that are either enabled or disabled, or values to be filled in. You may change their current state to match your requirements. Let us learn what each one of these means.

Note: Before we start looking into each one of them, note that you just need to double click on any policy to open its configuration window. Then, as shown in the respective images, either enter the number of days or enable the flag, and click Apply.

Enforce Password History

With this option you can set the number of unique passwords that must be used before an old password can be reused. You may set the number between 0 and 24.

Maximum Password Age

This setting determines the maximum number of days a password can be used before the system requires the user to change it. The value can be set between 1 and 998 days.

Minimum Password Age

This setting determines the minimum number of days a password must be used before the user is allowed to change it. The value can be set between 1 and 998 days.

Minimum Password Length

This setting defines the minimum number of characters a password must contain to qualify as a valid password. It can be set between 1 and 14 characters.

Password Must Meet Complexity Requirements

The complexity requirement enforces that a password must be at least 6 characters long, must contain upper and lower case letters, digits and symbols, and cannot be the same as the current user name.

Store Passwords Using Reversible Encryption

This setting is not recommended, as it is equivalent to storing the user password in plain text. It is sometimes required by applications for authentication purposes. Otherwise, avoid touching it.

Part 2: Enable Account Lockout Policy

Account Lockout Policy disables a user account if an incorrect password is entered a specified number of times over a specified period. These policy settings help you to prevent attackers from guessing users’ passwords, and they decrease the likelihood of successful attacks on your network.

Navigate to Security Settings -> Account Policies -> Account Lockout Policy in the navigation pane on the left. You can set the following:

Account Lockout Duration

This setting specifies the time frame after which a locked account will automatically unlock and resume normal operation. If you specify zero minutes, the account will be locked out indefinitely until an administrator manually unlocks it.

Account Lockout Threshold

This setting specifies the number of failed login attempts allowed before the account is locked out. If the threshold is set to 3, the account will be locked out after a user enters incorrect login information 3 times within the specified time frame.

Reset Account Lockout Counter After

This policy defines the time frame for counting incorrect login attempts. If the policy is set to one hour and the Account Lockout Threshold is set to 3 attempts, a user can enter incorrect login information 3 times within 1 hour before being locked out. If they enter the incorrect information twice but get it correct the third time, the counter will reset after 1 hour has elapsed (from the first incorrect entry), so that future failed attempts will again start counting at 1.
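The same password and lockout settings from Part 1 and Part 2 can be applied from the command line and then verified, which also gives a way to check whether a lockout actually fires, the question raised in the Windows 8 post above. The following is an added example, not code from the original post; it assumes a stand-alone (non-domain) machine with an English locale, an elevated PowerShell prompt, and temporary file paths of my choosing.

```powershell
# Added example: apply the password and lockout policies described above with
# secedit, then read the effective values back. Values mirror the post
# (threshold 3, counter reset and lockout duration 60 minutes).
$inf = Join-Path $env:TEMP 'lockout-policy.inf'   # temp paths are assumptions
$db  = Join-Path $env:TEMP 'lockout-policy.sdb'

# Single-quoted here-string so "$CHICAGO$" is written literally.
@'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
PasswordHistorySize = 24
MaximumPasswordAge = 90
MinimumPasswordAge = 1
MinimumPasswordLength = 14
PasswordComplexity = 1
ClearTextPassword = 0
LockoutBadCount = 3
ResetLockoutCount = 60
LockoutDuration = 60
'@ | Set-Content -Path $inf -Encoding Unicode

# Import the template into a fresh database and apply only the security-policy area.
secedit /configure /db $db /cfg $inf /areas SECURITYPOLICY /quiet

# Read back the effective policy and confirm the lockout threshold took effect.
# On a domain-joined machine a domain GPO can override these local values.
$effective = net accounts
$threshold = ($effective | Select-String 'Lockout threshold').ToString().Split(':')[-1].Trim()
if ($threshold -ne '3') {
    Write-Warning "Lockout threshold is '$threshold', expected 3; the policy did not apply."
}

# A lockout is recorded as Security event 4740 (requires the default
# "Audit User Account Management" auditing). Listing recent ones shows whether
# the threshold is really being enforced for the sign-in method under test.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

If the failed attempts produce no 4740 event after the threshold is exceeded, the lockout policy is not being applied to that sign-in path.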

Conclusion

Do try and explore these settings as much as you can; this is a good way to enhance your computer security. Also, you should review and adjust the settings from time to time.
