You can increase the security of your system by enforcing password restrictions, which will make it more difficult for unauthorized users to access your system. You can specify that each password must include at least two characters of each of the following four character types:
You can enforce a minimum length for the password and set a maximum time limit, after which the password will not be accepted.
By default, the system terminates a session after the user has three consecutive failed login attempts.
The user may then launch another session (which would also terminate after three consecutive failed login attempts). To increase security, you can lock users out of the system entirely after three failed consecutive login attempts.
After the user‘s account is locked out (using the configure account password-policy lockout-on-login-failures command), it must be re-enabled by an administrator.
Note
If you are not working on SSH, you can configure the number of failed logins that trigger lockout, using the configure cli max-failed-logins num-of-logins command. (This command also sets the number of failed logins that terminate the particular session.)