Security.AccountLockFailures:
Maximum allowed failed login attempts before locking out a user’s account.
Security.AccountUnlockTime:
Duration in seconds to lock out a user’s account after exceeding the maximum allowed failed login attempts
Sometimes it gets violates even if you provide valid credential then it will throw invalid Login exception. You can increase it from Configuration > Security