MAGNOLIA-3557 is a new security feature that locks an account out after a number of failed login attempts. This feature is available starting with Magnolia 4.4.3 and needs to be documented.
The feature is configurable in /server/security/userManagers and works for SystemUserManager and MgnlUserManager classes. Maximum number of attempts that triggers a lockout is 5 by default. Value 0 disables the function. Lockout is implemented by setting the user.enabled property to false. A lock can be removed by an administrator by enabling the user again in the user edit dialog (checkbox)