Can anyone enlighten me on this setting?
Account lockout threshold: Default NO
"Select number of failed login attempts that result in account lockout. This feature may be abused in denial of service attacks."
Two reasons I don't fully understand this is (1) shouldn't the default by "yes" (meaning enable this feature) if this keeps hackers from repeatedly guessing attempts? and (2) why does this state in the default mode "this feature may be abused in denial of service attacks"... wouldn't it be more correctly stated "if set to "no" you might be abused by DOS attacks"?
Am I losing something in translation or what? To me I feel like this should always be set to "yes" and thus would help with DOS attacks. Please advise.