The new -1 value for maximum failed logins indicates that the failed login count in the syslogins column logincount is updated whenever an authentication failure occurs, but that the account is not locked. Compare with a o value, which avoids incrementing the column for every failed authentication and avoids locking the account due to authentication failures.
See “sp_passwordpolicy” and “sp_modifylogin account” for more information.
