Windows will turn on brute force attack protection by default


Mmm, that turns me on! Windows 11 22H2 is currently in testing, available to Insiders with a massive list of changes and new features, fitting for the first feature update to the operating system.

Many of these improvements are visible to users; some are not. One of the latter is an option you will have to dig deeper to uncover.

It is improved protection against brute force attacks.

Account lockout is the norm on other platforms and services, and Windows has actually had the feature since Windows 2000, over two decades ago. What is new is that Microsoft is now turning it on by default.

The switch is flipped starting with Windows 11 22H2, build 22528.1000 and higher.

David Weston, Microsoft's Vice President of OS Security and Enterprise, recently tweeted about the change to Insiders.

Account Lockout Policy

This security measure works as you would expect. After ten failed attempts to guess a local account's password, the operating system locks that account (not the whole system) for a period of time, so an attacker cannot keep guessing at full speed. That makes brute force far less practical: at ten guesses per lockout window, working through even a modest password list takes longer than most attackers are willing to wait.

According to Weston, brute force is very commonly used in human-operated ransomware and other attacks. It is also a popular way for bad actors to get a first foothold on a system, often over Remote Desktop Protocol (RDP).

David Weston further confirmed that the new lockout policies are coming to Windows 10 as well.

These policies live in the Local Group Policy Editor under Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy. By default, Windows 11 22H2 locks an account after ten failed password attempts within a ten-minute window, and the lockout itself lasts ten minutes.

IT admins can adjust these values to suit their environment, keeping in mind that a very low threshold combined with a long lockout duration lets an attacker deliberately lock legitimate users out of their accounts.
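The script below is an added example, not code from the article or from Microsoft: it reads the local Account Lockout Policy with `secedit`, checks it against the 22H2 defaults described above (threshold 10, duration 10 minutes, counter reset after 10 minutes), optionally applies those values with `net accounts`, and lists recent account lockout events (Security event ID 4740) so you can see the policy doing its job. The `$Expected` values and the helper names are this example's own assumptions. Run it in an elevated PowerShell session.

```powershell
# Added example (not from the article): audit and enforce the local
# Account Lockout Policy, then look for lockouts that actually fired.
# Requires an elevated session; secedit.exe and net.exe ship with Windows.

# Assumed target values: the Windows 11 22H2 defaults the article describes.
$Expected = @{
    LockoutBadCount   = 10   # Account lockout threshold (failed attempts)
    LockoutDuration   = 10   # Account lockout duration (minutes)
    ResetLockoutCount = 10   # Reset account lockout counter after (minutes)
}

function Get-LocalLockoutPolicy {
    # Export the local security policy and pull the three lockout keys
    # out of its [System Access] section.
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
        $policy = @{}
        foreach ($line in Get-Content $cfg) {
            if ($line -match '^\s*(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(\d+)') {
                $policy[$matches[1]] = [int]$matches[2]
            }
        }
        # When the threshold is 0 (lockout disabled) the other two keys may be absent.
        foreach ($key in $Expected.Keys) {
            if (-not $policy.ContainsKey($key)) { $policy[$key] = 0 }
        }
        return $policy
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

function Test-LockoutPolicy {
    param([hashtable]$Policy, [hashtable]$Expected)
    # Threshold 0 means no lockout at all: brute force is unthrottled.
    if ($Policy.LockoutBadCount -eq 0) {
        Write-Warning 'Account lockout is DISABLED (threshold 0).'
        return $false
    }
    # A lower threshold or longer windows are at least as strict as the defaults.
    # Duration 0 means "locked until an admin unlocks", which is stricter still
    # but makes deliberate lockout of legitimate users a real denial of service.
    $ok = ($Policy.LockoutBadCount -le $Expected.LockoutBadCount) -and
          ($Policy.LockoutDuration -eq 0 -or $Policy.LockoutDuration -ge $Expected.LockoutDuration) -and
          ($Policy.ResetLockoutCount -ge $Expected.ResetLockoutCount)
    if (-not $ok) {
        Write-Warning ("Lockout policy weaker than 22H2 defaults: threshold={0} duration={1}m reset={2}m" -f
            $Policy.LockoutBadCount, $Policy.LockoutDuration, $Policy.ResetLockoutCount)
    }
    return $ok
}

function Set-LockoutDefaults {
    # net accounts writes the local SAM policy directly. On a domain-joined
    # machine the domain's Account Lockout Policy governs domain accounts;
    # this only affects local accounts. lockoutwindow must not exceed lockoutduration.
    net.exe accounts /lockoutthreshold:10 /lockoutduration:10 /lockoutwindow:10 | Out-Null
}

function Get-RecentLockouts {
    param([int]$Hours = 24)
    # Event 4740 is written when an account hits the threshold; the 4625
    # failures that preceded it tell you where the guesses came from.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) } -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Time           = $_.TimeCreated
                Account        = $_.Properties[0].Value   # TargetUserName
                CallerComputer = $_.Properties[1].Value   # TargetDomainName carries the caller computer name for 4740
            }
        }
}

$current = Get-LocalLockoutPolicy
$current | Format-Table -AutoSize
if (-not (Test-LockoutPolicy -Policy $current -Expected $Expected)) {
    # Uncomment to enforce the 22H2 defaults on this machine:
    # Set-LockoutDefaults
}
Get-RecentLockouts -Hours 24 | Format-Table -AutoSize
```

On a machine still at the old defaults the audit reports a threshold of 0 and the warning fires; after `Set-LockoutDefaults` (or once 22H2's defaults are in place) a burst of more than ten bad RDP or console logons produces a 4740 event for that account, which is the signal a SOC should alert on alongside the preceding 4625 failures.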