In Steven writes: [snip]
That's all too commonly a result of someone trying to break into the account. After, perhaps, four tries, the system will freeze that ID pending human (or a related, more secure and painful computer inquisitory) intervention.
- which, btw, is one method of setting up a Denial Of Service attack against people or companies. If you could get, for example, President Washington's username at the Revolutionary Bank and Trust, and then try logging in a half dozen times, you'd cause him lots of annoyance.
Similarly, if you couldn't get a specific username, but had access to a "botnet", you could pseudo-randomly try hundreds of thousands of IDs at that bank, and lock out plenty of their users.
(designing circuit breaker/security algorithms for these banks is left as an exercise to the student).