Embodiments of the invention are directed to a system, method, or computer program product structured for identifying potential misappropriation attempts into a technology resource and enforcing a credential lockout. In some embodiments, a system is structured for receiving a user credential associated with a first log-on attempt to access a technology resource, determining whether the user credential matches a stored valid credential, and, if it does not match, performing a misappropriation assessment. The misappropriation assessment includes evaluating and weighting a plurality of potential misappropriation factors, determining a misappropriation score from the weighted plurality of potential misappropriation factors, and adding the misappropriation score to a cumulative misappropriation score for the technology resource. The system is also structured for determining whether the cumulative misappropriation score has reached or exceeded a threshold and, if it has, enforcing a credential lockout for the technology resource.