Risk-based authentication using lockout states

What is claimed is: 1. A method of performing user authentication, the method comprising: receiving, by processing circuitry, an authentication request which includes a set of authentication factors and which identifies a particular user; performing, by the processing circuitry, an authentication operation to generate an authentication result in response to the authentication request, the authentication result being based on (i) the set of authentication factors of the authentication request, (ii) a user authentication profile which profiles the particular user, and (iii) a lockout state identifying a lockout condition of the particular user which existed at the time of receiving the authentication request; providing, by the processing circuitry and as a response to the authentication request, an authentication action based on the authentication result; based on the authentication result, updating the lockout state to identify an updated lockout condition of the particular user; storing the updated lockout state in non-volatile memory for use in a subsequent authentication operation; after updating the lockout state, receiving another authentication request which includes another set of authentication factors and which identifies the particular user; performing another authentication operation to generate another authentication result in response to the other authentication request, the other authentication result being based on (i) the other set of authentication factors of the other authentication request, (ii) the user authentication profile which profiles the particular user, and (iii) the updated lockout state identifying the updated lockout condition of the particular user; and providing, as a response to the other authentication request, another authentication action based on the other authentication result; wherein the lockout state indicates a “locked out” condition prior to performing the authentication operation, the “locked out” condition preventing the particular user from accessing a set of protected resources even upon successful standard authentication; and wherein updating the lockout state to identify the updated lockout condition of the particular user includes: after performing the authentication operation, setting the lockout state to indicate a “not locked out” condition to allow the particular user to access the set of protected resources upon successful standard authentication. 2. A method as in claim 1 , further comprising after performing the other authentication operation, setting the lockout state to continue to indicate the “not locked out” condition. 3. A method as in claim 1 , further comprising: after performing the other authentication operation, setting the lockout state to continue to indicate the “locked out” condition. 4. A method as in claim 1 wherein the authentication request is received from an external device operated by a human attempting to authenticate; wherein the authentication result includes a set of numerical risk scores which identifies a level of riskiness that the human is not the particular user; and wherein updating the lockout state to identify the updated lockout condition further includes deriving the updated lockout condition based on (i) the set of numerical risk scores of the authentication result and (ii) the lockout state identifying the lockout condition of the particular user which existed at the time of receiving the authentication request. 5. A method as in claim 1 wherein updating the lockout state to identify the updated lockout condition further includes: deriving the updated lockout condition based on (i) the authentication result and (ii) the lockout state identifying the lockout condition of the particular user which existed at the time of receiving the authentication request. 6. A method as in claim 5 wherein the authentication request is received from an external device operated by a human attempting to authenticate; wherein the authentication result includes a set of numerical risk scores which identifies a level of riskiness that the human is not the particular user; and wherein deriving the updated lockout condition includes applying a set of policies to (i) the set of numerical risk scores of the authentication result and (ii) the lockout state identifying the lockout condition of the particular user which existed at the time of receiving the authentication request to establish the updated lockout condition. 7. A method as in claim 5 wherein the authentication request is received from an external device operated by a human attempting to authenticate; wherein the authentication result includes a set of numerical risk scores which identifies a level of riskiness that the human is not the particular user; and wherein updating the lockout state to identify the updated lockout condition includes selecting, as the updated lockout condition, a particular predefined lockout condition from a set of predefined lockout conditions based on (i) the set of numerical risk scores of the authentication result and (ii) the lockout state identifying the lockout condition of the particular user which existed at the time of receiving the authentication request. 8. A method as in claim 5 wherein the authentication request is received from an external device operated by a human attempting to authenticate; wherein the authentication result includes a set of numerical risk scores which identifies a level of riskiness that the human is not the particular user; and wherein providing the authentication action includes selecting, as the authentication action, a particular predefined action from a set of predefined actions based on applying a set of policies to (i) the set of numerical risk scores of the authentication result and (ii) the lockout state identifying the lockout condition of the particular user which existed at the time of receiving the authentication request. 9. A method as in claim 8 wherein updating the lockout state to identify the updated lockout condition includes selecting, as the updated lockout condition, a particular predefined lockout condition from a set of predefined lockout conditions based on (i) the set of numerical risk scores of the authentication result and (ii) the lockout state identifying the lockout condition of the particular user which existed at the time of receiving the authentication request. 10. A method as in claim 9 wherein the lockout state identifying the lockout condition of the particular user which existed at the time of receiving the authentication request is a “locked out” condition preventing the particular user from accessing a set of protected resources during an amount of time even upon successful standard authentication; wherein selecting the particular predefined action from the set of predefined actions includes choosing, in response to successful high-trust authentication which imposes stronger security than standard authentication, a resource grant action which grants the human access to the set of protected resources before the amount of time has elapsed; and wherein selecting, as the updated lockout condition, a particular predefined lockout condition from the set of predefined lockout conditions includes choosing, in response to the successful high-trust authentication, the “not locked out” condition allowing the particular user to access the set of protected resources upon successful standard authentication. 11. An electronic apparatus, comprising: a communications interface; memory; and control circuitry coupled to the communications interface and the memory, the memory storing instructions which, when carried out by the control circuitry, cause th