It has happened to me on numerous occasions that I am working on a terminal of my laptop and at that precise moment they request me in another office, or I have 'something' doing in a terminal and for convenience or necessity I must let a friend of mine use it for a few minutes my laptop, in cases like this ... How do I protect what I do in the terminal without having to completely block the user session?
Fortunately the package exists: vlock
Install this package on your system and then just run it in a terminal (vlock), you will see that the terminal is blocked/protected and until you press [Enter] and enter the password, it will remain that way 
If you want to see the log referring to failed attempts, successful login attempts and more, you just have to do a cat to the /var/log/auth.log file passing it as a parameter to grep "Vlock"
That is:
cat /var/log/auth.log | grep "vlock"
This is a simple tip, yes, but it has already been useful to me… I hope it is for you too 
regards