On my board with phpBB 3.3.2 installed and reCaptcha V3 spambot countermeasure installed and correctly configured, when you exceed the number of login attempts the error message says:

You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to pass the CAPTCHA test.

While there is a CAPTCHA test, it's invisible if reCaptcha V3 or reCaptcha V2 Invisible CAPTCHAs are in use. So I suggest this error message be suppressed in cases of this kind of CAPTCHA.