Security: Why locking out users is a really bad idea

In his article over at NetworkWorld, Mich Kabay gives a nice example of how the theory of security in networked systems tends to clash with reality:

“Locking out an account after only a few failed attempts has a significant impact on legitimate users and tends to cause them to choose simpler passwords or store their passwords insecurely, thus weakening security.”

The full article, “Locking out users gives attackers a tool for denial of service”, goes into more detail on why you just shouldn’t lock out users.
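To make the article’s point concrete, here is an added example (not code from the article or from NetworkWorld) that simulates the same flood of wrong passwords against a hard-lockout policy and against a per-source throttling policy; the class names, thresholds and the sample account are assumptions.

```python
# Added example, not code from the article. Assumed names and thresholds.
USERS = {"alice": "correct horse battery staple"}   # constructed sample account


class LockoutAuth:
    """Hard lockout: after max_failures wrong passwords nobody can log in."""

    def __init__(self, max_failures=3):
        self.max_failures = max_failures
        self.failures = {}           # user -> consecutive failed attempts

    def login(self, user, password, source, now):
        if self.failures.get(user, 0) >= self.max_failures:
            return "locked"          # the correct password no longer helps
        if USERS.get(user) == password:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"


class ThrottleAuth:
    """Throttling: failures are counted per (user, source) and each one doubles
    that source's wait before it may retry; other sources, including the real
    user, are unaffected. Attackers can spread attempts across many sources, so
    deployments add per-account soft limits or step-up challenges on top."""

    def __init__(self, base_delay=1.0, max_delay=60.0):
        self.base_delay, self.max_delay = base_delay, max_delay
        self.state = {}              # (user, source) -> (failures, not_before)

    def login(self, user, password, source, now):
        failures, not_before = self.state.get((user, source), (0, 0.0))
        if now < not_before:
            return "throttled"       # too early; the attempt is not even checked
        if USERS.get(user) == password:
            self.state.pop((user, source), None)
            return "ok"
        failures += 1
        delay = min(self.base_delay * 2 ** (failures - 1), self.max_delay)
        self.state[(user, source)] = (failures, now + delay)
        return "denied"


def simulate(policy):
    """Ten wrong passwords from one source (t=0..9), then the real Alice at t=10."""
    auth = policy()
    attacker = [auth.login("alice", "wrong", "attacker-ip", t) for t in range(10)]
    legit = auth.login("alice", USERS["alice"], "alice-ip", 10)
    return attacker, legit
```

Under the lockout policy Alice is denied even with her correct password, which is exactly the denial of service the article warns about; under throttling the flood only slows the flooding source down.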