My library uses Bibliocommons as its interface. (I tend to use Bibliocommons as an example of Software (or Platform) as-a-Service.)
I was trying to sign on last night (a little after midnight, so some maintenance might have been going on), and got an error message saying I should try again. (I don't recall any maintenance notice.) I did try again, several times, until all at once I got a different message, basically saying that I was blocked out of my account for an hour because too many attempts had been made with the wrong password.
I wasn't trying with the wrong password (and confirmed that).
Therefore, there is something wrong in the security parts of the system, in that it can confuse it's own refusal to allow a login (for whatever reason) with a security violation.
This is concerning, since it may indicate potential weaknesses in the security system itself ...
............ This message may or may not be governed by the terms of http://www.noticebored.com/html/cisspforumfaq.html#Friday or https://blogs.securiteam.com/index.php/archives/1468