Account lockout
Security feature used with operating systems and services with a login that locks any account that has failed a login attempt more than a set parameter. For example, a system could be setup to lock an account for one hour if the user fails the login five times in a ten-minute time frame. This keeps the account secure by preventing anyone or anything from guessing the username and password. If your account is locked, you must wait the set amount of time before being able to log into your account again. In the below picture of the Windows XP GPO, is an example of where this policy can be setup in Windows.
In the above example image, are three default policies. The Account lockout duration allows you to specify how many minutes the account remains locked once triggered. The Account lockout threshold allows you to specify how many invalid logins can occur before locking the account. Finally, the Reset account lockout counter after specifies the length in minutes the counter will reset if there have been no failed attempts. A good setting for most users is 60, 10, and 30.
Also see: Login, Security definitions