diff --git a/usr/lib/security-misc/pam-abort-on-locked-password b/usr/lib/security-misc/pam-abort-on-locked-password
index 2b07006..20b793d 100755
--- a/usr/lib/security-misc/pam-abort-on-locked-password
+++ b/usr/lib/security-misc/pam-abort-on-locked-password
@@ -28,6 +28,8 @@ else
    ## Should not unconditionally 'exit 1' here.
    ## Locked user accounts might have valid sudoers exceptions.
    ## https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521
+   ## 'exit 1' would be good for usability here because then the user would get
+   ## faster feedback. A new login attempt would not be needlessly delayed.
    exit 0
 fi