question about anti brute force lockout

[mk23]

So I understand that this option,

// Brute-force attacks prevention.
// The value specifies maximum number of failed logon attempts per minute.
$config['login_rate_limit'] = 3;

Will disable an account after 3 failed login attempts within 60 seconds, but for how long.
That is how long will a disabled user have to wait before they are re-eneabled?
Also is there a way to manually re-eneable the user?

Thanks

[JohnDoh]

Its x many attempts per 60 seconds.