Account lockout policy is an important security standard in Windows, established solely to prevent an intruder's access to systems. Account lockout policy prevents the breach; however, it does not explicitly explain the sources and causes of the actions that triggered it. Unlocking accounts without knowing the cause opens the gate again. The unknown cause could very well be a potential threat or a program with an expired credential. On the other side of the lockout action, locked-out accounts deny service to regular users, resulting in help-desk requests. In addition, a "brute force attack" intended for password hacking could lock out multiple accounts; this is called a Denial of Service (DoS) attack.
Lockouts therefore create new problems, each of which is solved through Password Control Centre’s Account Lockout Tool.
Account Lockout Tool solution
Understanding Lockouts
With the Account Lockout Tool, you know the reasons for the lockout before you unlock. The information helps you in the following ways:
Potential security threats such as the Conficker virus can be identified
Brute Force Attacks / Denial of Service Attacks can be understood
The rate at which regular users are affected can be estimated. This helps in revisiting your account lockout policy
Account lockout policy should be balanced so that it tolerates regular users' mistaken attempts.
Understanding Failures
If you are more concerned about security, you can also find the reason for every individual failed password attempt.
Instant Lockout Notification
Account lockouts are signalled to administrators instantly. This draws administrators’ attention at the right time. Potential threats are reported in real time. If a regular user is locked out, the user does not necessarily have to raise an action request, as the notification from the Account Lockout Tool indicates the state automatically and instantly. This increases productivity.