About

Password guessing is a common type of security attack. In this type of attack, a hacker attempts to log in to a computer using various combinations of usernames and passwords.

The best method to prevent it is to implement user lockouts

same as Security - Brut Force Attack ?

User lockout parameters

Example:

• Lockout Threshold: The maximum number of consecutive invalid login attempts that can occur before a user's account is locked out.
• Lockout Duration: The number of minutes that a user's account is locked out.
• Lockout Reset Duration: The number of minutes within which consecutive invalid login attempts cause a user's account to be locked out.