Are there any low-level settings in local Directory Service that can increase the blocking time after typing wrong password?

I find there's a global policy that can temporarily block/disable a user (only 1 minute) after authenticating with wrong passwords a few times.

But what I want to do is to increase that 1 minute to a longer time, or permanently disable that user. Is it possible?


Try using pwpolicy

pwpolicy -n /Local/Default -setpolicy "minutesUntilFailedLoginReset=3"

This will set the policy of a failed login for a local account to 3 mins between logins.

pwpolicy -n /Local/Default -setpolicy "maxFailedLoginAttempts=1"

This will set the maximum number of failed login attempts to just 1 (IMO this is way to restrictive to account for innocent typos)