Information
When a user exceeds the maximum number of attempts allowed (the default is 3 attempts) during a certain period of time (the default is 5 minutes) the account used during those attempts will be locked out for a pre-configured lock-out period (the default is 10 minutes). This can be used to mitigated brute force dictionary attacks.
A security event log will be generated as soon as a user account has exceeded the number of allowed attempts and the show>system>security>user command can be used to display the total number of failed attempts per user.
The account will be automatically re-enabled as soon as the lock-out period has expired.
Solution
Run the following command on the device to implement account lockout: configure system security password attempts <num> time <minutes> lockout <minutes>