The account lockout threshold specifies the amount of times a user can enter an incorrect password before a lockout will occur. Ensure that a lockout threshold is part of the password policy on the computer. The account lockout feature mitigates brute-force password attacks on the system. The macOS also should be configured to enforce a lockout time period of at least 15 minutes when the maximum number of failed logon attempts is reached.