09-28-2022 01:30 AM
Dears,
Kindly assist. I noticed that the local admin account and a user account I created were disabled, though I had not used those two accounts for a while; I use one other account to access the FTD via the CLI.
Please, what do you think could cause this?
09-28-2022 01:34 AM
Normally the admin account cannot be disabled, unless you forgot the password? Is your FTD using LDAP/RADIUS authentication?
09-28-2022 01:42 AM
It is not using LDAP or RADIUS.
I observed that both accounts became enabled again suddenly afterwards.
I'm thinking this is just a setup mechanism on the FTD to prevent unauthorized access.
What do you think?
09-28-2022 01:48 AM - edited 09-28-2022 01:53 AM
What FTD version and FXOS version are you on? Is your FTD running the FTD code or the ASA code?
This should not have happened. Not doubting you, but could it be that you put in the wrong password earlier?
Found this in the Cisco documentation:
Failed Authentication—The user was prompted to authenticate, but failed to enter a valid username/password pair within the maximum number of allowed attempts.
09-28-2022 01:53 AM
AFAIK the local admin account is exempted from being locked out; the only exception to this would be if you are using strict security standards such as the US DoD. How did you notice those users were in the disabled state?
09-28-2022 02:03 AM
I noticed this by doing "show users" on the Cisco FTD in clish mode.
09-28-2022 02:14 AM
"show users" in clish mode will show you all the usernames that are configured on your FTD (this includes the usernames that have access to the FMC; they will also show in "show users" in clish).
09-28-2022 02:20 AM
Did you notice if it was showing "Yes" in the lock column while they were disabled?
09-28-2022 02:38 AM
I just checked mine. It showed Lock No. But in your case, on the first attempt you could not log in, and suddenly later on it let you into the CLI.
show user
Login UID  Auth   Access Enabled Reset Exp   Warn Str Lock Max
abc   1084 Remote Config Enabled N/A   Never N/A  Dis No   N/A
xyz   1018 Remote Config Enabled N/A   Never N/A  Dis No   N/A
admin 101  Local  Config Enabled No    Never N/A  Ena No   N/A
09-28-2022 02:56 AM
It is currently showing No:
Login UID  Auth  Access Enabled Reset Exp   Warn     Grace    MinL Str Lock Max
admin 101  Local Config Enabled No    Never Disabled Disabled 0    Dis No   N/A
abc   1001 Local Config Enabled Yes   Never Disabled Disabled 1    Dis No   5
dof   1000 Local Config Enabled No    Never Disabled Disabled 12   Dis No   5
Also, do you know a command to set the password policy on the FTD?
09-28-2022 02:59 AM - edited 09-28-2022 03:03 AM
You can use the features below, for example to set the minimum password length. If you manage the FTD from FMC, in that case you can look at the FMC GUI.
How do you manage your FTD, standalone or via FMC?
> configure user
access           Set user access level
add              Add user
aging            Set user password aging
delete           Delete user
disable          Disable user
enable           Enable user
forcereset       Force user password reset
maxfailedlogins  Set maximum failed logins
minpasswdlen     Set minimum password length
password         Set user password
strengthcheck    Set strength requirement on user password
unlock           Unlock user account
Have a look at this document.
09-28-2022 04:38 AM
Would really be interesting to check the lock column if this should happen again. If you see the disabled users marked as locked out, including the admin account and you are not using any strict security model, then I would raise this with Cisco. I don't think you can configure the password policy on the FTD from the UI, I think you can only use the "configure user ..." command as already mentioned.
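One way to check the Lock and Enabled columns automatically, as an added example that is not from the thread: a small parser over the "show users" output pasted above (re-typed here as a constructed string), plus a second, constructed listing with a locked user to show what a finding looks like. The column names come from the listings in the thread; the "Disabled" value in the Enabled column of the constructed row is an assumption.

```python
"""Parse Cisco FTD 'show users' CLI output and flag locked or disabled
accounts. Added example; sample listings are constructed from the thread."""

# Constructed sample: the second 'show users' listing posted in the thread.
SAMPLE_OUTPUT = """\
Login UID Auth Access Enabled Reset Exp Warn Grace MinL Str Lock Max
admin 101 Local Config Enabled No Never Disabled Disabled 0 Dis No N/A
abc 1001 Local Config Enabled Yes Never Disabled Disabled 1 Dis No 5
dof 1000 Local Config Enabled No Never Disabled Disabled 12 Dis No 5
"""

# Constructed sample (hypothetical values): one locked-out user, one
# disabled user, to exercise the detection path.
LOCKED_SAMPLE = """\
Login UID Auth Access Enabled Reset Exp Warn Str Lock Max
admin 101 Local Config Enabled No Never N/A Ena No N/A
xyz 1018 Local Config Enabled No Never N/A Dis Yes 5
abc 1084 Local Config Disabled No Never N/A Dis No 5
"""


def parse_show_users(text):
    """Return one dict per user, keyed by the header names.

    The header row drives the column mapping, so listings with or without
    the Grace/MinL columns (both appear in the thread) parse the same way.
    """
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    header = lines[0]
    rows = []
    for fields in lines[1:]:
        if len(fields) != len(header):
            raise ValueError(f"column count mismatch in row: {fields}")
        rows.append(dict(zip(header, fields)))
    return rows


def flag_accounts(users):
    """Return {login: reason} for accounts worth a look: Lock == Yes
    (lockout after too many failed logins) or Enabled != Enabled."""
    findings = {}
    for u in users:
        reasons = []
        if u.get("Lock") == "Yes":
            reasons.append("locked out")
        if u.get("Enabled") != "Enabled":
            reasons.append("account disabled")
        if reasons:
            findings[u["Login"]] = "; ".join(reasons)
    return findings


if __name__ == "__main__":
    for login, why in flag_accounts(parse_show_users(LOCKED_SAMPLE)).items():
        print(f"{login}: {why}")
```

Run against the thread's own listing it reports nothing, which matches the "Lock No" the posters saw; a locked admin account in that output would be the case worth raising with Cisco.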
09-28-2022 04:53 AM - edited 09-28-2022 04:58 AM
@Aref Alsouqi just to confirm, I have tested:
> configure user strengthcheck apiuser enable
You can check with strengthcheck whether the password is strong.
Enables or disables password strength checking, which requires a user to meet specific password criteria when changing their password. When a user's password expires or if the configure user forcereset command is used, this requirement is automatically enabled the next time the user logs in.
However, you can add, enable and disable.
09-28-2022 06:04 AM
That is possible from the CLI, but I don't think you have an equivalent configuration section on the UI.