Are there any low-level settings in local Directory Service that can increase the blocking time after typing wrong password?
I find there's a global policy that can temporarily block/disable a user (only 1 minute) after authenticating with wrong passwords a few times.
But what I want to do is to increase that 1 minute to a longer time, or permanently disable that user. Is it possible?
Try using pwpolicy
pwpolicy -n /Local/Default -setpolicy "minutesUntilFailedLoginReset=3"
This will set the policy of a failed login for a local account to 3 mins between logins.
pwpolicy -n /Local/Default -setpolicy "maxFailedLoginAttempts=1"
This will set the maximum number of failed login attempts to just 1 (IMO this is way to restrictive to account for innocent typos)