Wednesday, April 24, 2024

Windows 11 now stops brute force cyberattacks right in their tracks


Not all threats to your computer come from viruses and dodgy emails. Some people will simply try to smash their way into your PC by generating as many passwords as possible until they gain access, like a lock picker. Windows 11 can now stop that.

The most recent Windows 11 build blocks these brute force attacks with an Account Lockout Policy. Windows will automatically lock down accounts, including administrator accounts, after 10 failed login attempts.

“Win11 builds now have a default account lockout policy to mitigate RDP and other brute force password vectors,” said David Weston, Microsoft vice president of security and enterprise, in a tweet earlier today. “This technique is very commonly used in Human Operated Ransomware and other attacks — this control will make brute forcing much harder, which is awesome!”

@windowsinsider Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome! pic.twitter.com/ZluT1cQQh0

— David Weston (DWIZZZLE) (@dwizzzleMSFT) July 20, 2022

Brute force attacks are a common threat to computers, especially enterprise-level networks with hundreds of employees making their own easy-to-remember passwords. Threat actors employ automated password generators that attempt to log in to a computer by generating billions of password combinations. Some programs are sophisticated enough to remember which letter and number combinations were a “hit” and then continue shuffling the remaining characters until they hit on the full password.

Unlike email phishing malware, brute force attacks are operated by a person on the other end who is specifically targeting the victim’s computer or network. Once in, they can load ransomware directly into the network and lock up all the devices tied to it until money is paid. These attacks make up 70% to 80% of all enterprise network breaches, according to the FBI.

With Account Lockout Policy, Microsoft puts an end to brute force. The attackers will get locked out after 10 failed attempts to guess the password, which will happen in a matter of seconds. This feature is available on the most recent Windows 11 builds, from Insider Preview 22528.1000 and newer. In addition to Windows 11, the feature is also coming to Windows 10, although it will not be turned on by default.
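The lockout behaviour described above can be modelled in a few lines to show how sharply it caps the number of passwords that actually get checked. This is an added example, not Microsoft's code: the 10-attempt threshold comes from the article, while the 10-minute lockout duration and counter-reset window, the one-guess-per-second rate, and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class LockoutPolicy:
    threshold: int = 10         # from the article: lock after 10 failed logins
    lockout_seconds: int = 600  # assumption: the article gives no duration
    reset_seconds: int = 600    # assumption: idle time that clears the counter


class Account:
    """Tracks failed logons for one account under a LockoutPolicy."""

    def __init__(self, policy):
        self.policy = policy
        self.failures = 0
        self.last_failure = None
        self.locked_until = None

    def attempt(self, now, password_ok):
        """Return 'locked', 'success' or 'failure' for a logon at `now` (seconds)."""
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"  # rejected before the password is even checked
            self.locked_until = None  # lockout expired, start a fresh count
            self.failures = 0
        if password_ok:
            self.failures = 0
            return "success"
        idle = None if self.last_failure is None else now - self.last_failure
        if idle is not None and idle >= self.policy.reset_seconds:
            self.failures = 0  # counter is cleared after a quiet period
        self.failures += 1
        self.last_failure = now
        if self.failures >= self.policy.threshold:
            self.locked_until = now + self.policy.lockout_seconds
        return "failure"


def simulate_guessing(policy, seconds):
    """Constructed input: one wrong guess per second for `seconds` seconds."""
    account = Account(policy)
    tally = {"failure": 0, "locked": 0, "success": 0}
    for t in range(seconds):
        tally[account.attempt(t, password_ok=False)] += 1
    return tally


if __name__ == "__main__":
    print(simulate_guessing(LockoutPolicy(), 3600))
```

Under these assumptions only 60 of 3,600 guesses in an hour are evaluated against the password; the rest are rejected while the account is locked, and a correct password is rejected during that window too.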
