Limit repeated access attempts by locking out the user ID after not more than six attempts.