first with if necessary.policyCategoryAuthenticationpolicyContent(policyAttributeFailedAuthentications < policyAttributeMaximumFailedAuthentications) OR (policyAttributeCurrentTime > (policyAttributeLastFailedAuthenticationTime + autoEnableInSeconds))policyIdentifierAuthentication LockoutpolicyParametersautoEnableInSeconds900policyAttributeMaximumFailedAuthentications3If the line "policyCategoryAuthentication" already exists, the following text should be used instead and inserted after the first tag that follows it:policyContent(policyAttributeFailedAuthentications < policyAttributeMaximumFailedAuthentications) OR (policyAttributeCurrentTime > (policyAttributeLastFailedAuthenticationTime + autoEnableInSeconds))policyIdentifierAuthentication LockoutpolicyParametersautoEnableInSeconds900policyAttributeMaximumFailedAuthentications3After saving the file and exiting to the command prompt, run the following command to load the new policy file:/usr/bin/sudo /usr/bin/pwpolicy setaccountpolicies pwpolicy.plistNote: Updates to passcode restrictions must be thoroughly evaluated in a test environment. Mistakes in configuration may block password change and local user creation operations, as well as lock out all local users, including administrators.