Is it just me, or do others also feel that this default behavior is not appropriate? Imagine you use Manjaro at work, go to lunch break, come back to your desk right before an important meeting is scheduled, mistype your 30-char password (yes, 30 chars), then your account is locked. As a consequence you must either
a) lose work and context
b) lose time
c) be late for the meeting
Probably all a), b) and c) will happen due to this default account locking feature.
Proposal: by default it should not lock the account.
Original thread (now locked and for some reason not linkable):
Account gets locked for 10 minutes after 3 failed attempts
Personally, for what it’s worth, I like it a lot. I like that it’s security and privacy first.
People will always go through your stuff, whether because of curiosity or malice, we have no way of knowing. And the risk of someone snooping is greater the more people are present, for example in a work environment, as you mentioned.
The best you can do is make it hard to difficult for them, exactly what this does.