Account lockout is a control that temporarily or permanently restricts login after repeated authentication failures. It matters because repeated guessing attacks become more practical when systems never slow, challenge, or stop them.
What is Account Lockout?
Lockout controls can trigger after a threshold of failed attempts within a time window, after suspicious patterns, or in combination with other signals such as password-spraying behavior (one source failing against many accounts). Good lockout design balances brute-force resistance against two costs: the denial-of-service risk that an attacker deliberately locks legitimate users out, and the usability burden on users who mistype a password.
What Account Lockout Commonly Supports
Common uses include login protection, brute-force mitigation, fraud response, help desk alerting, and account-recovery escalation after suspicious failures.
Account Lockout vs. Unlimited Login Attempts
Unlimited attempts let attackers keep guessing freely. Account lockout imposes a consequence or pause after repeated failures.
Frequently Asked Questions
Why is account lockout important?
Because it makes repeated guessing attacks more expensive for the attacker (each account yields only a few guesses before a pause) and more visible to defenders (lockout events are a clear signal to alert on).
Can lockout be abused?
Yes. Poorly designed lockouts can create denial-of-service problems or push support burden onto users and help desks.
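As an added example (not code from the original page), the following Python sketch implements the design points above: a per-account failure threshold inside a sliding window that triggers a temporary, escalating but capped lockout rather than a permanent one, which limits the denial-of-service abuse this answer describes, plus a per-source count of distinct targeted accounts as a password-spraying signal. The threshold values, the `LockoutPolicy` class and the sample IP addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed policy values (assumptions, not taken from the page).
ACCOUNT_THRESHOLD = 5      # failures per account within the window
WINDOW_SECONDS = 600       # sliding window for counting failures
BASE_LOCK_SECONDS = 60     # first lockout length; doubles on each repeat
MAX_LOCK_SECONDS = 3600    # cap so a flood of failures cannot lock a user out forever
SPRAY_THRESHOLD = 20       # distinct accounts one source may fail against


class LockoutPolicy:
    """Sliding-window lockout with capped exponential backoff and a per-source spray check."""

    def __init__(self):
        self.failures = defaultdict(deque)      # account -> timestamps of recent failures
        self.locked_until = {}                  # account -> time the lockout expires
        self.lock_count = defaultdict(int)      # account -> consecutive lockouts (for backoff)
        self.source_targets = defaultdict(set)  # source -> accounts it has failed against

    def _prune(self, account, now):
        # Drop failures that fell out of the sliding window.
        q = self.failures[account]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()

    def is_locked(self, account, now):
        return now < self.locked_until.get(account, 0)

    def record_failure(self, account, source, now):
        """Record one failed login; return the list of signals it raised."""
        signals = []
        self._prune(account, now)
        self.failures[account].append(now)
        self.source_targets[source].add(account)
        if len(self.failures[account]) >= ACCOUNT_THRESHOLD:
            # Temporary lockout whose length doubles per repeat, up to the cap.
            lock_for = min(BASE_LOCK_SECONDS * 2 ** self.lock_count[account], MAX_LOCK_SECONDS)
            self.locked_until[account] = now + lock_for
            self.lock_count[account] += 1
            self.failures[account].clear()
            signals.append(f"lockout:{account}:{lock_for}s")
        if len(self.source_targets[source]) >= SPRAY_THRESHOLD:
            # Many distinct accounts from one source is the spraying pattern, even
            # though no single account has reached its own threshold.
            signals.append(f"spray:{source}")
        return signals

    def record_success(self, account):
        # A successful login ends the backoff chain and clears the failure window.
        self.failures[account].clear()
        self.lock_count[account] = 0
        self.locked_until.pop(account, None)
```

Callers should check `is_locked()` before attempting authentication and treat `spray:` signals as an alert on the source rather than as a reason to lock the targeted accounts.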