Skip to main content

Windows 11 will soon lock out hackers who try to guess your password

Windows 11 logo on a laptop screen
(Image credit: Shutterstock)

Microsoft is preparing to roll out a new security update for Windows 11 that will make it more difficult for hackers to exploit its remote desktop protocol (RDP) when launching ransomware attacks.

As reported by BleepingComputer (opens in new tab), recent Windows 11 Insider builds now come with the software giant’s Account Lockout Policy enabled by default. This policy automatically locks user accounts as well as admin accounts for 10 minutes after 10 failed sign-in attempts.

While this new policy may be annoying for users who frequently forget or type their Windows passwords incorrectly, brute forcing is a common tactic used by hackers when trying to gain access to your Windows PC using RDP if they don’t know the password.

In a recent tweet (opens in new tab), VP for enterprise and OS security at Microsoft, David Weston provided further insight on the company’s new Account Lockout Policy, saying:

“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks - this control will make brute forcing much harder which is awesome!”

Also coming to Windows 10

Although Microsoft’s new Account Lockout Policy will roll out to stable builds of Windows 11 first, it’s also being backported to devices still running Windows 10.

Unfortunately, it’s not enabled by default and admins will need to go into the operating system’s Group Policy Management Console to turn it on.

RDP has been used for years now to easily allow employees to connect to their office computers while working from home but it became incredibly important during the pandemic when remote working became the norm.

As attacks targeting RDP services have increased, so too have the number of dark web marketplaces selling stolen RDP credentials. 

Making things difficult for ransomware groups

Man looking at a locked computer

(Image credit: Shutterstock)

In addition to making Windows passwords more difficult to brute force using automated tools, Microsoft has also made a number of security-focused changes to better protect Windows users.

These include automatically blocking macros in Office when opening documents downloaded from the internet and requiring users to enable multi-factor authentication (MFA) in Azure Active Directory.  

RDP is often used as an initial access point when infecting Windows systems with ransomware, so Microsoft’s new Account Lockout Policy will prevent hackers from figuring out users’ passwords which will hopefully stop them from launching ransomware attacks.

Anthony Spadafora
Anthony Spadafora

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.