A common attack method of gaining access to a login is to brute force attack. That means on a login page, you enter a username, and then put in a random password. If it fails, you repeat. And repeat. Ad nauseum. If the
user uses a simple password (eg ‘food’ or ‘password’), after enough attempts you will eventually guess the right password.
So to stop such behavior, software like vBulletin gives you five tries to get it right. If you fail, you get locked out.
Facebook extended it intelligently – if you fail enough times (I think I failed six times), it doesn’t just lock you out – it also redirects you to the password reset feature. Fill that out, and voila! You are back into business.
A nice little touch since vBulletin (and similar) lock you out for 15 minutes, regardless of you trying to reset your password.
Just a nice UI touch to have.