Which of the following is a common security practice to protect against…
2025
Which of the following is a common security practice to protect against brute-force attacks?
- A.
Using weak passwords
- B.
Account lockout policies
- C.
Disabling firewalls
- D.
Sharing login credentials
Attempted by 6 students.
Show answer & explanation
Correct answer: B
Answer: Account lockout policies are a common security practice to protect against brute-force attacks.
Explanation: Account lockout policies work by temporarily locking an account or introducing delays after multiple consecutive failed login attempts, which slows or stops automated password-guessing attempts.
Recommended practices: set a reasonable failed-attempt threshold (for example, 5–10 attempts) and prefer temporary locks or progressive delays rather than permanent disabling.
Combine account lockout with complementary measures such as rate limiting, CAPTCHAs, multi-factor authentication, and monitoring/alerts for repeated failures.
Be aware of trade-offs: attackers can sometimes abuse lockout policies to cause denial-of-service by intentionally triggering lockouts. Consider progressive delays or anomaly-based protections to mitigate this risk.
Monitor lockout events and investigate unusual patterns to detect and respond to attack attempts.
Why the other choices are not appropriate:
Using weak passwords: This increases the chance that an attacker succeeds with a brute-force or dictionary attack; instead enforce strong, unique passwords and use MFA.
Disabling firewalls: Removing firewall protections weakens overall security and does nothing to stop password-guessing attacks against authentication systems.
Sharing login credentials: This undermines accountability and increases exposure; use individual accounts, role-based access, and credential management instead.