The best policy to deter a brute-force login attack is account lockout threshold. A brute-force login attack is a type of attack that tries to guess a user’s password by trying different combinations of characters until it finds the correct one. This attack can be performed manually or with automated tools that use dictionaries, wordlists, or algorithms. An account lockout threshold is a policy that specifies how many failed login attempts are allowed before an account is locked out temporarily or permanently. This policy prevents an attacker from trying unlimited password guesses and reduces the chances of finding the correct password.