The account lockout threshold specifies the amount of times a user can enter an incorrect password before a lockout will occur. Ensure that a lockout threshold is part of the password policy on the computer. The account lockout feature mitigates brute-force password attacks on the system. The number of incorrect log on attempts should be reasonably small to minimize the possibility of a successful password attack, while allowing for honest errors made during a normal user log on. The locked account will auto-unlock after a few minutes when bad password attempts stop. The computer will accept the still valid password if remembered or recovered. Fix: sudo /usr/bin/pwpolicy -u $CURRENT_USER -setpolicy "maxFailedLoginAttempts=5"

[5 attempts]

sudo /usr/bin/pwpolicy -u $CURRENT_USER -setpolicy "maxFailedLoginAttempts=5"