Which of the following is a common security practice to protect against…

2025

Which of the following is a common security practice to protect against brute-force attacks?

  1. A.

    Using weak passwords

  2. B.

    Account lockout policies

  3. C.

    Disabling firewalls

  4. D.

    Sharing login credentials

Attempted by 6 students.

Show answer & explanation

Correct answer: B

Answer: Account lockout policies are a common security practice to protect against brute-force attacks.

Explanation: Account lockout policies work by temporarily locking an account or introducing delays after multiple consecutive failed login attempts, which slows or stops automated password-guessing attempts.

  • Recommended practices: set a reasonable failed-attempt threshold (for example, 5–10 attempts) and prefer temporary locks or progressive delays rather than permanent disabling.

  • Combine account lockout with complementary measures such as rate limiting, CAPTCHAs, multi-factor authentication, and monitoring/alerts for repeated failures.

  • Be aware of trade-offs: attackers can sometimes abuse lockout policies to cause denial-of-service by intentionally triggering lockouts. Consider progressive delays or anomaly-based protections to mitigate this risk.

  • Monitor lockout events and investigate unusual patterns to detect and respond to attack attempts.

Why the other choices are not appropriate:

  • Using weak passwords: This increases the chance that an attacker succeeds with a brute-force or dictionary attack; instead enforce strong, unique passwords and use MFA.

  • Disabling firewalls: Removing firewall protections weakens overall security and does nothing to stop password-guessing attacks against authentication systems.

  • Sharing login credentials: This undermines accountability and increases exposure; use individual accounts, role-based access, and credential management instead.

Explore the full course: Computer Science