2.7 Lock Out Accounts if Not Currently in Use

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


If users with accounts will not be using their account for some time, to reduce the risk of attacks or inappropriate account usage or if suspicions exist that an account might be under attack, disabling the account will secure it and once it's ready to resume use it can easily be re-enabled.


Only have active accounts that will be used.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


To lock accounts - example:

ALTER USER 'jeffrey'@'localhost' ACCOUNT LOCK;

To unlock accounts - example

ALTER USER 'jeffrey'@'localhost' ACCOUNT UNLOCK;

Note: Works for CREATE as well. It is good practice to LOCK an account if created ahead of time.

Default Value:

Accounts are unlocked by default.

See Also