You can configure the POA to lock out a user that provides the wrong mailbox password too many times. For more information, see Configuring Intruder Detection.