How to Auto Lockout Windows 10 After Failed Login Attempts

In this tutorial, learn how to auto-lock your Windows 10 PC after multiple failed login attempts.

By default, the user account on your PC is protected with a password or PIN, and you are required to enter it to log into your account. Generally, you can try as many passwords or PINs as you want to log into the system. For the most part, this is helpful, as we all make mistakes every once in a while when typing a password or PIN. However, it can also be a security risk because it allows threat actors to brute force (trial and error) their way into your user account.

To avoid these kinds of attacks and protect your user account, you can configure Windows 10 to automatically lock the account out after multiple failed login attempts. For that, you need to enable the “Account lockout threshold” policy and set how many failed login attempts you’d like to allow.

Follow the steps below to configure the lockout policy in Windows 10 and prevent brute force attacks on your user account.

Before You Begin

  • You need administrator rights to follow the below steps.
  • You need to be using Windows 10 Pro or Enterprise edition. If you are using Windows 10 Home, you won’t have access to the Local Security Policy snap-in which is required to set up auto lockout in Windows 10.

Set Windows Lockout Threshold – Auto Lockout After Multiple Failed Login Attempts

  1. Press “Windows key + R” to open the Run dialog.
  2. Enter “secpol.msc” and click “OK”.
  3. Navigate to the “Account Policies” > “Account Lockout Policy” folder.
  4. Double-click the “Account lockout threshold” policy.
  5. Enter the number of login attempts you’d like to allow in the blank field (3, for example).
  6. Click “OK”.
  7. Click “OK” in the “Suggested Value Changes” dialog.
  8. Close the “Local Security Policy” window.
  9. Restart your computer.
  10. With that, you’ve configured Windows 10 to lock out automatically after multiple failed login attempts.

Detailed Steps (With Screenshots)

First, open the Local Security Policy snap-in. To do that, press the “Windows key + R,” enter “secpol.msc”, and click “OK”. Alternatively, open the start menu, search for “secpol.msc” and click on the search result.

In the Local Security Policy window, expand the “Account Policies” folder on the left panel and then select the “Account Lockout Policy” folder.

On the right panel, find and double-click the “Account lockout threshold” policy.

In the properties window, enter the number of invalid login attempts you want to allow in the “Account will lock out after” field. In my case, I want the system to lock out after 3 invalid login attempts, so I entered “3” in the field. Click the “Apply” and “OK” buttons to save changes.

As soon as you click the OK button, Windows automatically suggests and sets two other required policies: “Account Lockout Duration” and “Reset Account Lockout Counter After”. By default, both of these are set to 30 minutes. Leave the defaults as they are and click the “OK” button.

Note: You can always change the lockout threshold and other settings in the future.

Once you are done setting up the policy, this is what the main “Local Security Policy” window looks like.

Finally, restart your computer to apply all the changes you just made.

That is it. From now on, if there are more than 3 (or however many login attempts you allow while setting up the policy) failed login attempts, Windows 10 will automatically lock out the account.

Once the lockout is triggered, you will see the “The referenced account is currently locked out and may not be logged on to” message on the login screen. No one (including you, the actual user) can log into the user account, even with the correct password, until the account lockout duration is completed.

For example, assuming you’ve configured the lockout settings as shown in this tutorial, if someone tries to log into your user account and fails 3 times in a row, Windows 10 will lock the account out. Once the lockout is triggered, no one can log into the user account, even with the correct password, for the next 30 minutes. After thirty minutes, you can try again.
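
The same three settings can also be applied and read back from an elevated PowerShell prompt. This is an added example, not part of the original tutorial: it uses the built-in `net accounts` and `secedit` tools, and the function names `Set-LockoutPolicy` and `Get-LockoutPolicy` are hypothetical helpers.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Set-LockoutPolicy and Get-LockoutPolicy are hypothetical helper names.

function Set-LockoutPolicy {
    param([int]$Threshold = 3, [int]$DurationMinutes = 30, [int]$ResetMinutes = 30)
    if ($Threshold -eq 0) {
        # A threshold of 0 disables account lockout entirely.
        net accounts "/lockoutthreshold:0" | Out-Null
    } else {
        net accounts "/lockoutthreshold:$Threshold" "/lockoutwindow:$ResetMinutes" `
                     "/lockoutduration:$DurationMinutes" | Out-Null
    }
    if ($LASTEXITCODE -ne 0) { throw "net accounts failed (exit code $LASTEXITCODE)." }
}

function Get-LockoutPolicy {
    $cfg = Join-Path $env:TEMP ("lockout-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export the local security policy; the values live under [System Access].
        secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)." }
        $policy = @{}
        foreach ($line in Get-Content -Path $cfg) {
            if ($line -match '^\s*(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
                $policy[$Matches[1]] = [int]$Matches[2]
            }
        }
        # Duration and reset values may be absent from the export when the
        # threshold is 0, so those properties can come back as $null.
        [pscustomobject]@{
            Threshold           = $policy['LockoutBadCount']
            DurationMinutes     = $policy['LockoutDuration']
            ResetCounterMinutes = $policy['ResetLockoutCount']
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

# Apply the values used in this tutorial, then confirm what is in effect.
Set-LockoutPolicy -Threshold 3 -DurationMinutes 30 -ResetMinutes 30
$p = Get-LockoutPolicy
if (-not $p.Threshold) { Write-Warning 'Account lockout is disabled (threshold 0).' }
$p
```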

Remove Lockout Threshold

If you ever want to remove the account lockout threshold, follow the below steps:

  1. Open the “secpol.msc” tool.
  2. Go to the “Account Policies” > “Account Lockout Policy” folder.
  3. Double-click the “Account lockout threshold” policy.
  4. Enter “0” in the “Account will lock out after” field.
  5. Click “OK”.
  6. Click “OK” in the “Suggested Value Changes” dialog.
  7. Close the “Local Security Policy” window.
  8. Restart your computer.

Wrapping Up — Windows 10 Auto Lockout

As you can see, thanks to the built-in options, protecting your user account in Windows 10 from brute force attacks and password guessing is fairly simple. In fact, if you travel a lot or are just security conscious, I strongly recommend you configure the Windows lockout policy as soon as possible. For added security, enable logging of logon and logoff activity and check the logs as needed to see who has logged in and whether there have been any failed attempts.
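
One way to review that activity, as an added example that is not part of the original tutorial: the script below enables the relevant audit subcategories and summarizes failed logons (event ID 4625) and account lockouts (event ID 4740) from the Security log. The function name `Get-FailedLogonSummary` is hypothetical, and the `auditpol` subcategory names assume an English-language Windows installation.

```powershell
# Added example. Run from an elevated PowerShell prompt; the Security log
# cannot be read without administrator rights.

# Record failed logons (4625) and account lockouts (4740).
auditpol /set /subcategory:"Logon" /failure:enable | Out-Null
auditpol /set /subcategory:"User Account Management" /success:enable | Out-Null

function Get-FailedLogonSummary {
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Security'
        Id        = 4625, 4740
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # SilentlyContinue: Get-WinEvent raises an error when nothing matches.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Turn the event's named data fields into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time        = $e.TimeCreated
            Event       = if ($e.Id -eq 4740) { 'LockedOut' } else { 'FailedLogon' }
            Account     = $data['TargetUserName']
            LogonType   = $data['LogonType']        # only present on 4625
            SourceIp    = $data['IpAddress']        # only present on 4625
            Workstation = $data['WorkstationName']  # only present on 4625
        }
    }
}

# Accounts with the most failed attempts or lockouts in the last 24 hours.
Get-FailedLogonSummary -Hours 24 |
    Group-Object Account, Event |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```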

If you have any questions or need help, comment below. I’ll be happy to assist. On the other hand, if you prefer easy login and don’t mind the lack of security, check out how to configure Windows 10 to automatically log into your user account without entering the password or PIN.
