By default, the QBO 3 security module is designed to lock out accounts after three (3) failed login attempts.
Given a user name (Person), one can check the SecurityLog table to see the failed lockouts:
Note the following:
The lockout logic is this: how many failed login attempts have we had since the last successful login?
In the scenario above, when a user hits invalid password attempt #4, there was no successful login between the Account lock and the 4th attempt, the account is immediately locked out.
This behavior could be modified, but doing so would weaken security. The reason one locks out accounts after X attempts is because a hacker may be trying random passwords. If this is actually the case, chances are reasonable that the hacker and the real user are both trying to access an account. If we ignore the last successful login, we triple the number of hack attempts a hacker may use via the unlocking.