How to change the failed authentication thresholds in RSA SecurID
Originally Published: 2011-03-24
Article Number
000065651
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
  1. How to change the failed authentication thresholds.
  2. Change Next Tokencode threshold.
  3. Change Lockout policy.
Cause
In Authentication Manager 7.1, the Next Tokencode threshold and the Lockout threshold for failed authentications are in different policies. The Next Tokencode threshold is in the Token Policy, and the lockout threshold is in the Lockout Policy. Policies are assigned and act at a Security Domain level. A change to a policy affects all users in the Security Domains to which that policy is assigned.
Resolution

To change the Next Tokencode threshold for failed authentications, open the Security Console and identify the Token Policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain and that a change to the policy will affect all Security Domains to which the policy is assigned. Go to Administration->Security Domains->Manage Existing. The existing Security Domains are listed and each can be viewed to show the currently assigned policies.

Once you have identified the Token Policy assigned to the Security Domain you want to alter, go to Authentication->Policies->Token Policies->Manage Existing. Click the policy you want to change and click Edit. In the SecurID Token Policy Basics section, change the value for "Require next tokencode after X incorrect passcodes" to the desired value. Click Save. The policy change is immediate.

To change the lockout threshold for failed authentications, open the Security Console and identify the Lockout Policy assigned to the Security Domain you want to alter. Keep in mind that a policy can be assigned to more than one Security Domain and that a change to the policy affects all Security Domains to which the policy is assigned. Go to Administration->Security Domains->Manage Existing. The existing Security Domains are listed and each can be viewed to show the currently assigned policies.

Once you have identified the Lockout Policy assigned to the Security Domain you want to alter, go to Authentication->Policies->Lockout Policies->Manage Existing. Click the policy you want to change and click Edit. In the Parameters section, change the value for "Lock accounts after X consecutive failed authentications within X days" to the desired value. Click Save. The policy change is immediate.