>Else you end up with a system that rejects every login.

That's called security.

How is it called if a compromised password can still be used to connect per RDP?