If you go to some famous online websites, you need to login to your account using your username and password. But if you use the wrong password to login 3 times, your account will be blocked. You need to call the customer service representative and get the new password to login again. Is it a good idea to set the policy of 3 failed login attempts?
Just imagine this situation. If a hacker is very familiar with using the tool to try different username and password during 2 hours in ABC Company, do you think it is easy for him to block other people’s accounts? Do you think the account owners will blame ABC Company?