Yeah, I use diceware passphrases for any passwords that I have to remember and type often (as opposed to passwords that live in KeePassX or Firefox), and at work, they lock your account after three failed logins... to *any* service using their single sign-on. But the help desk will unlock it over the phone without any evidence that the caller is the owner of the account.
Personally, I like the idea of applying exponential backoff to password attempts.
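
The exponential backoff mentioned above, as an added example that is not part of the original comment: each failure past a small allowance doubles the wait before the next attempt is evaluated, so guessing is slowed without a hard lockout that needs a help desk unlock. The class name, its parameters, the three free attempts and the 15-minute cap are assumptions chosen for illustration.

```python
import time


class BackoffThrottle:
    """Per-account exponential backoff on failed logins (illustrative, in-memory)."""

    def __init__(self, base=1.0, cap=900.0, free_attempts=3, clock=time.monotonic):
        self.base = base                    # first delay, in seconds
        self.cap = cap                      # upper bound so the account is never locked for good
        self.free_attempts = free_attempts  # failures below this count cost no delay
        self.clock = clock                  # injectable so the logic can be tested
        self._state = {}                    # account -> (failure count, earliest next attempt)

    def delay_for(self, failures):
        """Seconds to wait after the given number of consecutive failures."""
        if failures < self.free_attempts:
            return 0.0
        return min(self.cap, self.base * 2 ** (failures - self.free_attempts))

    def retry_after(self, account):
        """Seconds remaining before this account may try again (0.0 if allowed now)."""
        _, not_before = self._state.get(account, (0, 0.0))
        return max(0.0, not_before - self.clock())

    def attempt(self, account, verify):
        """Run one login attempt; `verify` is a zero-argument callable returning bool.

        Returns "throttled", "ok" or "denied". While throttled, `verify` is not
        called at all, so a correct guess made too early reveals nothing.
        """
        if self.retry_after(account) > 0:
            return "throttled"
        if verify():
            self._state.pop(account, None)  # success clears the failure history
            return "ok"
        failures = self._state.get(account, (0, 0.0))[0] + 1
        self._state[account] = (failures, self.clock() + self.delay_for(failures))
        return "denied"
```

With these defaults the third consecutive failure costs 1 second, the fourth 2 seconds, and the delay stops growing at 15 minutes.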