windows 8 sign-in optioins – Password Recovery https://www.top-password.com/blog Provide useful password recovery tricks, guides and software Mon, 22 Jul 2013 07:37:51 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.1 Account Lockout Policy Not Working for New Sign-in Options in Windows 8 https://www.top-password.com/blog/account-lockout-policy-not-working-for-new-sign-in-options-in-windows-8/ Mon, 22 Jul 2013 07:35:52 +0000 http://www.top-password.com/blog/?p=2837 One of the changes in Windows 8 that draws the most attention is the sign-in options. Windows 8 allows you to log on using Microsoft account, four-digit PIN and picture password, as alternate sign-in options for conventional text password. However, I discover that the Account Lockout policy is not working for the new sign-in options.

I set the number of logon attempts before locking the system, and specify the Account Lockout duration using the Local Security Policy Editor in Windows 8.

account-lockout

After enabling the account lockout policy, restart the system. When it boots to the Windows 8 logon screen, I try several wrong passwords with my Microsoft account intentionally, Windows keeps saying password is incorrect but never lock my Microsoft account, and I can then immediately log into the system using a correct password. The same thing happens with PIN code and picture password.

I think this is a great security hole or bug with Windows 8 operating system. Account Lockout policy is designed to disable a user account if an incorrect password is entered a specified number of times over a specified period. It help you to prevent attackers from guessing users’ passwords, and they decrease the likelihood of successful attacks on your network.

So I think it’s more secure to use a traditional text password than using the new sign-in options: Microsoft account, four-digit PIN and picture password.

]]>