Depending on the context, account suspensions can be weaponized. By making someone you don't like /look/ like they are doing something dodgy, you can get them banned.
Like fail2ban. Nothing quite like the anxiety of almost locking yourself out of your own system because you mistyped a password one too many times. It's a delicate balance (although, for something like SSH, I wouldn't even bother, unless the traffic is measurable enough to cause issues. But then you're getting (D)DoS'd, and you probably have bigger problems).