How-To Geek

Temporarily Lock Your PC if Somebody Tries to Guess Your Password

Have you ever worried that someone could figure out your password by trying different key combinations?  Here’s how you can prevent this by temporarily locking your computer when the password is entered incorrectly a couple of times.

What we’ll do is use Windows security settings to temporarily lock out the account for 30 minutes whenever the wrong password is entered 3 times. This will prevent them from being able to repeatedly guess your password, or at least make it take a lot longer.

Important Note: This setting can also let somebody prank you by incorrectly entering the password 3 times and lock you out for 30 minutes. It would be wise to have another administrator account that can unlock the regular account. Either way, use caution with this setting.

Secondary Note: if somebody has physical access to your PC, they can easily reset your Windows password with the Ubuntu Live CD, the System Rescue CD, or the Ultimate Boot CD, unless you are using total drive encryption with TrueCrypt or BitLocker.

Change Your Local Security Policy

To change your password settings, open the Local Security Policy settings dialog.

Please Note: Local Security Policy is only available on Business, Professional, Enterprise, and Ultimate versions of Windows 7 and Vista.  If you’re using Starter, Home Basic, or Home Premium, you’ll need to use the Command Prompt method listed below.

To open Local Security Policy, simply enter it in the Start menu search box and select the correct entry.

Now, double-click Account Policies on the left and select Account Lockout Policy.

By default, your account should not automatically lock out when the password is entered incorrectly.  To change this, double-click on the Account lockout threshold entry.

In this dialog, enter the number of times you want to allow before your account will lock out.  We entered 3, so our account will automatically lock out if the password is entered incorrectly 3 times in a row.  Click Ok to save your settings.

Windows will prompt you to set suggested settings for Account lockout duration and the length of time to Reset account lockout counter.  This will choose 30 minutes by default; you can select another time, or go with the defaults by clicking Ok.

You’ll now see your new settings in the Local Security Policy dialog.  With our settings, our account will be locked for 30 minutes if the password is entered incorrectly 3 times in a row.  If you want to change the settings, simply repeat these steps and enter the new settings you want.

Change Password Settings in Command Prompt

If you’re using a home edition of Windows, or prefer working in command prompt, you can change the password lock settings directly from command prompt.  First, open an Administrative command prompt.  To do this, right-click on the Command Prompt link in the Start menu and select Run as Administrator.

Now, in the command prompt, enter the following:

net accounts

This will list your current password policy, which by default should show Lockout threshold: Never, which means that your account will not lock you out if the password is entered incorrectly.

Let’s change this to automatically lock us out when the password is entered incorrectly.

Please Note: Before you proceed, make sure to complete the full directions, or you could permanently lock your accounts on a Home Premium computer.

To change the setting and make your login automatically lock you out, enter the following, substituting the number at the end with the number of times you want to allow the password to be entered before the account is locked.  Make sure to set this as 1 or more.

net accounts /lockoutthreshold:3

Here we set the account to lock out after the password is entered incorrectly 3 times.

Now, you need to set how long the account will be locked when the password is entered incorrectly.  Enter the following, again choosing any option over 1.  We set our computer to lock for 30 minutes, but you can choose less or more, depending on your needs.

net accounts /lockoutduration:30

Then enter the following to choose how long to wait before the incorrect login count is reset.  We recommend entering the same number you used for the lockout duration.

net accounts /lockoutwindow:30

Once you’re finished, you can enter net accounts again to review your settings.  The lockout lines should show the values you chose.

Now you’re all set.  Your account will automatically prevent people from logging in if the password is entered incorrectly too many times.  If you ever want to change or remove the settings, just repeat the steps with the new options you want.
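
As an added example (not from the original article), this PowerShell script applies the three net accounts settings in an order that never leaves the reset window longer than the lockout duration, which readers in the comments report the command rejects, and then reads the policy back. It assumes an elevated prompt and English-language net accounts output; the function names Get-LockoutPolicy and Set-LockoutPolicy are hypothetical.

```powershell
# Added example, not from the article. Function names are hypothetical.
# Assumes English `net accounts` labels; localized Windows prints different text.
function Get-LockoutPolicy {
    param([string[]]$Lines = (net accounts))
    $policy = @{}
    foreach ($line in $Lines) {
        # Lines look like "Lockout threshold:            Never"
        if ($line -match '^(Lockout [^:]+):\s+(\S+)\s*$') {
            $policy[$Matches[1]] = $Matches[2]
        }
    }
    if ($policy.Count -lt 3) { throw 'Lockout lines not found in net accounts output.' }
    # "Never" is treated as 0 so the values can be compared numerically.
    $toInt = { param($v) if ($v -eq 'Never') { 0 } else { [int]$v } }
    New-Object psobject -Property @{
        Threshold = $policy['Lockout threshold']
        Duration  = & $toInt ($policy['Lockout duration (minutes)'])
        Window    = & $toInt ($policy['Lockout observation window (minutes)'])
    }
}

function Set-LockoutPolicy {
    param([int]$Threshold = 3, [int]$Duration = 30, [int]$Window = 30)
    if ($Window -gt $Duration) { throw 'Window must not exceed duration.' }
    $current = Get-LockoutPolicy
    # A duration shorter than the current window is rejected, so when shrinking,
    # lower the window first; otherwise set the duration first.
    $steps = if ($Duration -lt $current.Window) {
        "/lockoutwindow:$Window", "/lockoutduration:$Duration"
    } else {
        "/lockoutduration:$Duration", "/lockoutwindow:$Window"
    }
    $all = @("/lockoutthreshold:$Threshold") + $steps
    foreach ($arg in $all) {
        net accounts $arg | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "net accounts $arg failed" }
    }
    Get-LockoutPolicy   # read the policy back to confirm what was applied
}

# Constructed sample of default output, parsed without touching the system:
$sample = 'Lockout threshold:                    Never',
          'Lockout duration (minutes):           30',
          'Lockout observation window (minutes): 30'
Get-LockoutPolicy -Lines $sample

# To apply the article's values (requires an elevated prompt):
# Set-LockoutPolicy -Threshold 3 -Duration 30 -Window 30
```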

Let’s see how this works in action.

Logging In With The Password Limit

After setting your new password policy, your login experience won’t be much different than before unless you enter your password incorrectly.  The main login screen won’t look any different than before; just select your user account and enter your password as before.

If the password is entered incorrectly, you’ll be prompted that it’s incorrect.  Click Ok, and then go back and enter the password again.

Then, if you enter the password incorrectly more than the number of times you set before, you’ll be prompted that the account is currently locked.  You’ll need to wait the length of time you set before you can log in again.  In our test here, we entered the password incorrectly 3 times, and then had to wait 30 minutes before we could try again.

While this may not make your computer fully secure, it does help keep people from casually snooping on your computer while it’s running.  This will make it much harder for someone to guess your password, since they’ll be blocked out after entering it incorrectly several times. 

Don’t forget that you can quickly lock your computer by pressing Win+L on your keyboard, which is a good idea if you want to keep your data safe when you’re away from your desk.  Also, you can set your computer to automatically switch to the login screen when you’re away if you wish.

Matthew digs up tasty bytes about Windows, Virtualization, and the cloud, and serves them up for all to enjoy!

  • Published 09/27/10

Comments (12)

  1. JM

    or “how to disable your friends PCs for 30min by hitting win+L and hitting random chars 3 times”.
    while this policy is useful for corporate machines, I would not recommend it for home use ;)

  2. Matthew Guay

    @JM – Or “How to make sure your computer will be unusable for 30 minutes if your toddler wakes up before you.” ;) hehe

    At any rate, this does have its uses. The best use I see is for laptops. It’s a great way to make sure your “friend” can’t access your stuff while you walk up and order a Latte at Starbucks… Alternately, if you have a work machine at home and need to make sure no one else can access very sensitive data, it’s a quick extra protection layer. But again, it isn’t for everyone :)

  3. Miss Andrea Borman

    I never lock my laptop with a password at all. I do not see the need to password protect my computer when it is a home computer and I am the only one that uses it. But even if it was shared with friends there are too many problems if you lock it with a password as this post shows. Yes I have an administer account also called user account and I have set up a guest account. But neither are locked with a password. You just click on user or click on Guest and the computer opens. The reason computers are locked with a password or password protected is to stop other users from changing the settings or uninstalling or downloading software. But I don’t think any of my friends would do that. Andrea.

  4. Peter

    Andrea – “The reason computers are locked with a password or password protected is to stop other users from changing the settings or uninstalling or downloading software” If you think that is the only reason to lock your computer you are severely mistaken. What if the computer is lost or stolen. I’m sure you don’t think you have any really personal information on there, but you do.

    And enabling the Guest account without a password is one of the most dangerous things you can possibly do to a computer. Of course if none of your accounts are protected, it doesn’t really matter if the Guest account is also.

    The only password related problem this technique creates is a denial-of-service situation where someone could enter an incorrect password and lock you out of your own machine. As annoying as that is, there is a time limit so it wouldn’t be a permanent problem.

  5. Allen

    Note that you can only set the lockout duration to either the same time as the lockout window or greater through command prompt. So, if you want to set lockout duration to, let’s say five minutes, when the lockout window is still at the default of 30 minutes, the command prompt will give you an error. The lockout window time should be changed first.

  6. Diana

    But what if we have lost our Windows 7 or Vista password? When we guess the password, the account will not be logged on to. It is very annoying. In this situation, Windows Password Key comes to help.
    Windows Password Key is a powerful Windows password recovery software. Download and make your password reset disk first when you add a password to your PC.

  7. Troy

    The commands for changing the lockout duration via the command line need to be reversed.

    This should be first:
    net accounts /lockoutwindow:30

    Then this second:
    net accounts /lockoutduration:30

  8. Roobot

    Can you make it lock the password box for 10min but have the message say the password box is locked out for a lot longer so they give up?

    THE ACCOUNT IS CURRENTLY LOCKED FOR 24HR, BETTER LUCK TOMORROW

  9. ani

    Will keep some disturbing elements away from my laptop thanks

  10. Pai

    I have a question: let’s assume you have to wait the 30 minutes, couldn’t you just reboot and change the time in BIOS to skip a few minutes?

  11. Geekling

    Cool did it and it worked but now realise it affects ALL THE ACCOUNTS!!! And I don’t know how to remove it could try stuff but too risky HELP PLEASE!!!

  12. tomm

    If I want access to a *locked* Windows PC, I’ll just stick an Ubuntu Live USB in. If you want security, you’d better encrypt your HDD.
