Account lockout
Account lockout is a cybersecurity mechanism that temporarily disables a user account after a specified number of consecutive failed login attempts. This protective control is primarily designed to defend against brute-force attacks, credential guessing, and automated intrusion attempts by interrupting an attacker's ability to systematically cycle through password combinations until they find the correct one.
Organizations can configure account lockout policies to define the threshold of failed attempts before lockout occurs, the duration the account remains inaccessible, and whether it unlocks automatically or requires administrator intervention. When properly implemented as part of a comprehensive identity and access management strategy, account lockout significantly reduces the risk of unauthorized access while maintaining system integrity and protecting sensitive data from compromise.
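
The three policy settings described above (threshold, duration, automatic versus administrator unlock) can be modeled in a few lines. This is an added example, not code from the original page; the names LockoutPolicy and LockoutTracker and the default values (5 attempts, 900 seconds) are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

@dataclass
class LockoutPolicy:                      # hypothetical name, values are assumed
    threshold: int = 5                    # consecutive failures before lockout
    duration_s: Optional[float] = 900.0   # None = locked until an admin unlocks

@dataclass
class _State:
    failures: int = 0
    locked_at: Optional[float] = None

class LockoutTracker:
    """Tracks consecutive failed logins per account (illustrative helper)."""

    def __init__(self, policy: LockoutPolicy,
                 clock: Callable[[], float] = time.monotonic):
        self.policy, self.clock = policy, clock
        self._accounts: Dict[str, _State] = {}

    def is_locked(self, user: str) -> bool:
        st = self._accounts.get(user)
        if st is None or st.locked_at is None:
            return False
        d = self.policy.duration_s
        if d is not None and self.clock() - st.locked_at >= d:
            self._accounts.pop(user)      # automatic unlock, counter starts afresh
            return False
        return True

    def record_attempt(self, user: str, password_ok: bool) -> str:
        """Return 'ok', 'failed' or 'locked' for one login attempt."""
        if self.is_locked(user):
            return "locked"               # even a correct password is refused
        if password_ok:
            self._accounts.pop(user, None)  # success resets the consecutive count
            return "ok"
        st = self._accounts.setdefault(user, _State())
        st.failures += 1
        if st.failures >= self.policy.threshold:
            st.locked_at = self.clock()   # threshold reached: lock now
            return "locked"
        return "failed"

    def admin_unlock(self, user: str) -> None:
        self._accounts.pop(user, None)    # administrator intervention
```

While an account is locked, a correct password is rejected as well, which is what stops a guessing run from succeeding partway through; the same property lets anyone who knows a username lock its owner out, so the threshold and duration are a trade-off between the two.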