I don't think you can. If you would want to do this, you would have to implement your own logic for blocking functionality.
This can be done with a before commit event on the user entity (or your own specialization). There you can check if failedloginattempts > 0, if that's the case, perform all your own logic, and at the end reset this counter to 0.
You would then keep track of the number of failed attempts yourself, and instead of using the locked attribute, implement your own and make sure you set the user to active=false.
It takes some work but it makes everything much more flexible. Number of attempts can be set as well as your own logic for when and how to unlock can be implemented.
Depends how you are deploying your application. There is a custom setting that influences this: ClusterManagerActionInterval. Whenever the cluster manager runs it will unblock blocked users. I don't think you can change this setting when running in the cloud though.