This default setting in Windows 11 22H2 can protect your PC against brute force attacks

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

One of the most common ways for hackers with direct or remote (RDP) access to your PC to get into your system is with brute force attacks. These attacks involve guessing an admin’s username and password or using an app or script that can do so. Well, turns out that Microsoft’s now ahead of the game, as a default option in Windows 11 22H2 Insider builds can protect against this (via Bleeping Computer).

More specifically, we’re talking about the account lockout duration option under the local group policy editor. This has usually been turned off and disabled by default in other Windows versions, but Windows 11 22H2 turns it on by default and sets it to 10 invalid login attempts in Windows Insider Preview build 22528.1000, or higher. David Weston, who is the Vice President, OS Security and Enterprise at Microsoft shared the news on his Twitter.

Microsoft actually has a dedicated blog post on human-operated ransomware attacks and explains how brute force attacks are used to get into PCs. With the account lockout duration option now on by default and set to 10 invalid login attempts, these attacks are much harder now. This is a huge step for cybersecurity, as the FBI’s own data shows that RDP-type attacks are the most common for ransomware attackers, making up 80% of breaches in their data.