Bruce Cowper posted a very good article about the account lockout tools, which includes some good articles and tools covering why lockouts happen and how we can deal with them.
This white paper talks about why we should use account lockouts.
A full tools package from Microsoft can be downloaded here.
However, someone points out that there is one potential threat: people can use this lockout feature as a DoS attack. Well, there is no perfect solution to anything in this world, even though someone is always looking for one. It is just like the Chinese saying "You can't have fish and bear palm at one time".
Everything needs to be balanced. In most cases, password lockout still works for organizations that are unlikely to face this DoS attack, but for others, not using it may be better. If you go without it, the only way to still make sure you are secure seems to be requiring a more complex password or pass phrase.
By the way, a pass phrase is really a good way to strengthen a password. However, you need to balance that as well. Not everyone can type that many characters into a password field.
The Great Debates: Pass Phrases vs. Passwords. Part 1 of 3
The Great Debates: Pass Phrases vs. Passwords. Part 2 of 3
The Great Debates: Pass Phrases vs. Passwords. Part 3 of 3