What is the consequence for exceeding the number of invalid logon attempts?

Prepare for the PCI DSS QSA Exam with detailed quiz questions. Sharpen your understanding with multiple choice questions, each curated to enhance your readiness for the official test. Ace your certification!

Exceeding the number of invalid logon attempts typically results in account lockout. This is a security measure intended to protect against unauthorized access to accounts. By locking a user's account after a specified number of failed logon attempts, the system prevents potential attackers from using brute force techniques to guess passwords.

Account lockout policies are critical in maintaining the integrity of user accounts, as they effectively mitigate the risk of compromised passwords by requiring additional verification or intervention before access can be restored. This can involve the user contacting support or going through a password recovery process after their account has been locked.

While other options, such as a password reset, a notification, or an IP address ban, may also be relevant in certain security contexts, account lockout is the most direct and widely implemented consequence of exceeding invalid logon attempts within the guidelines of secure access control.
