Shulou(Shulou.com)11/24 Report--

CTOnews.com, October 12 (Xinhua) brute force cracking (Brute force attack), even using trial and error tactics to crack passwords and encryption keys, is one of the most common methods used by cyber criminals to attack Windows devices. Without proper security tools, attackers can try to guess the password of an account indefinitely. And if the password is weak, it will soon be broken.

Microsoft is taking action on this issue, allowing IT administrators to configure any Windows system that is still receiving security updates to automatically prevent brute force cracking of local administrator accounts. Starting with Windows cumulative updates on or after October 11, 2022, a new local policy will be available to enable local administrator account locking.

To use this feature, IT administrators can enable the allow administrator account lockout (Allow Administrator account lockout) policy under Local Computer Policy / Computer Configuration / Windows Settings / Security Settings / Account Policies / Account Lockout Policies in the local group policy editor.

Microsoft also recommends enabling other entries under the account lockout policy: account lockout duration, account lockout threshold, and after resetting the account lockout counter. The company recommends the 10-10-10 strategy, in which an account will be locked after 10 failed attempts within 10 minutes, which will last for 10 minutes, after which the account will be automatically unlocked.

CTOnews.com has learned that the administrator account lockout policy will also be enabled by default in new devices in the Windows 11 22H2 version or in any system settings that contain cumulative updates to Windows on October 11, 2022 before the initial setup.

In addition, if you use a local administrator account, Microsoft now enforces complex passwords on new devices. Passwords must meet at least three of the four requirements: lowercase letters, uppercase letters, numbers, and symbols. According to Microsoft, these will help "further protect accounts from being damaged by violent attacks".

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.