May 26, 2018

Limit the Number of Failed Login Attempts in Windows 10

If you have set a password on the Windows 10 lock screen to keep unauthorized users out of your system, your PC may still be vulnerable, because an attacker can use brute force to crack the password. To prevent this, Windows 10 lets you limit the number of failed login attempts and set the Account Lockout Duration.

Once an account is locked out, the sign-in screen shows the message “The referenced account is currently locked out and may not be logged on to.”

There are two ways to customize the above settings: Local Security Policy or Command Prompt. Sadly, Windows 10 Home users can only use the Command Prompt, as they don’t have Group Policy Editor. The guide below shows how to limit the number of failed login attempts in Windows 10 with either method.


Make sure to create a restore point just in case something goes wrong.

Method 1: Limit the Number of Failed Login Attempts via Local Security Policy

Note: This method won’t work for Windows 10 Home Edition users; if that is your edition, continue to Method 2.

1. Press Windows Key + R, then type secpol.msc and hit Enter to open Local Security Policy.


2. Navigate to the following path:

Security Settings > Account Policies > Account Lockout Policy


3. Make sure Account Lockout Policy is selected; the right window pane then shows the following three policy settings:

Account lockout duration
Account lockout threshold
Reset account lockout counter after

4. Let’s first understand all three policy settings before moving forward:

Account lockout duration: The Account lockout duration policy setting determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked. The available range is from 1 through 99,999 minutes. A value of 0 specifies that the account will be locked out until an administrator explicitly unlocks it. If Account lockout threshold is set to a number greater than zero, Account lockout duration must be greater than or equal to the value of Reset account lockout counter after.

Account lockout threshold: The Account lockout threshold policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. A locked account cannot be used until you reset it or until the number of minutes specified by the Account lockout duration policy setting expires. You can set a value from 1 through 999 failed sign-in attempts, or you can specify that the account will never be locked by setting the value to 0. If Account lockout threshold is set to a number greater than zero, Account lockout duration must be greater than or equal to the value of Reset account lockout counter after.

Reset account lockout counter after: The Reset account lockout counter after policy setting determines the number of minutes that must elapse from the time a user fails to log on before the failed logon attempt counter is reset to 0. If Account lockout threshold is set to a number greater than zero, this reset time must be less than or equal to the value of Account lockout duration.

5. Now double-click the Account lockout threshold policy and change the value under “Account will not lock out” to a value between 0 and 999, then click OK. For example, in this case, we will set this setting to 3.


Note: The default value is 0, which means the account will not lock out no matter how many login attempts fail.

6. Next, you will see a prompt saying “Because the value of Account lockout threshold is now 3 invalid logon attempts, the settings for the following items will be changed to the suggested values: Account lockout duration (30 minutes) and Reset account lockout counter after (30 minutes)”.


Note: The default setting is 30 minutes.

7. Click OK on the prompt. If you still want to change these settings, double-click “Account lockout duration” or “Reset account lockout counter after” individually and change the value, keeping in mind that Account lockout duration must be greater than or equal to Reset account lockout counter after.

8. Close everything, then reboot your PC to save changes.

This is how you limit the number of failed login attempts in Windows 10 using Group Policy Editor. If you are using Windows 10 Home Edition, follow the next method.

Method 2: Limit the Number of Failed Login Attempts via Command Prompt

1. Press Windows Key + X, then select Command Prompt (Admin).


2. Type each of the following commands into cmd and hit Enter after each one:

net accounts /lockoutthreshold:Value


Note: Replace Value with a number between 0 and 999 for how many failed login attempts are allowed before the account is locked. The default value is 0, which means the account will not lock out no matter how many login attempts fail.

net accounts /lockoutwindow:Value


Note: Replace Value with a number between 1 and 99999 for the number of minutes that must elapse from the time a user fails to log on before the failed logon attempt counter is reset to 0. Account lockout duration must be greater than or equal to the value of Reset account lockout counter after. The default value is 30 minutes.

net accounts /lockoutduration:Value


Note: Replace Value with a number between 0 (none) and 99999 for how many minutes you want for a locked-out local account to remain locked out before automatically becoming unlocked. Account lockout duration must be greater than or equal to the value of Reset account lockout counter after. The default setting is 30 minutes. Setting it to 0 minutes will specify that the account will be locked out until an administrator explicitly unlocks it.

3. Close the command prompt and reboot your PC to save changes.
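The three Method 2 commands combined into one checked call, as an added example that is not part of the original tutorial. It enforces the duration/reset-window constraint described above and reads the result back with net accounts. Get-LockoutPolicy and Set-LockoutPolicy are hypothetical helper names, the parsing assumes English-language net accounts output, and it must run from an elevated PowerShell prompt.

```powershell
# Added example: hypothetical helpers, not built-in cmdlets.
function Get-LockoutPolicy {
    # Parse the "Lockout ..." lines printed by "net accounts".
    # Assumption: English label text; localized Windows prints other labels.
    $policy = @{}
    foreach ($line in (net accounts)) {
        if ($line -match '^(Lockout[^:]*):\s+(.+?)\s*$') {
            $policy[$Matches[1]] = $Matches[2]
        }
    }
    $policy
}

function Set-LockoutPolicy {
    param(
        [ValidateRange(0, 999)][int]$Threshold = 3,
        # Duration 0 (locked until an administrator unlocks) is left out here.
        [ValidateRange(1, 99999)][int]$DurationMinutes = 30,
        [ValidateRange(1, 99999)][int]$WindowMinutes = 30
    )
    # Account lockout duration must be >= Reset account lockout counter after.
    if ($DurationMinutes -lt $WindowMinutes) {
        throw "Lockout duration ($DurationMinutes) must be >= reset window ($WindowMinutes)."
    }
    # Send all three switches in one command so no intermediate state
    # violates the constraint.
    net accounts "/lockoutthreshold:$Threshold" "/lockoutduration:$DurationMinutes" "/lockoutwindow:$WindowMinutes" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net accounts failed with exit code $LASTEXITCODE." }

    # Read the policy back and compare it with what was requested.
    $thresholdText = if ($Threshold -eq 0) { 'Never' } else { "$Threshold" }
    $expected = @{
        'Lockout threshold'                    = $thresholdText
        'Lockout duration (minutes)'           = "$DurationMinutes"
        'Lockout observation window (minutes)' = "$WindowMinutes"
    }
    $now = Get-LockoutPolicy
    foreach ($key in $expected.Keys) {
        if ($now[$key] -ne $expected[$key]) {
            throw "$key is '$($now[$key])', expected '$($expected[$key])'."
        }
    }
    $now
}

# The values used in Method 1: 3 attempts, 30-minute duration and window.
Set-LockoutPolicy -Threshold 3 -DurationMinutes 30 -WindowMinutes 30
```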


That’s it: you have successfully limited the number of failed login attempts in Windows 10. If you still have any questions regarding this tutorial, feel free to ask them in the comments section.