It’s a security feature. The limit on attempts is to prevent someone guessing your password, either manually or via a program. The prohibition on using previously used passwords is also a security feature, it makes it more difficult to guess future passwords if past passwords can’t be used. The amount of attempts are arbitrary and more secure sites/networks/whatever you’re logging into will often have more restrictions (special characters, capital letters, numbers, no recogbizable words, etc.)