The security policy landing page allows us to configure a lockout penalty after a certain number of failed attempts. One option is to lock the account, the other is to impose an increasing delay after each failed login attempt.
After 3 failed login attempts, Pega throws a PRSecurityException and displays the Status Fail message. This prevents the lockout penalty mechanism from working. Is this still supposed to happen when the authentication lockout penalty mechanism is enabled?