To prevent brute-force attacks, secure computer systems limit login attempts.  Traditionally, only three unsuccessful attempts are permitted.  This approach disincentivises the selection of strong passwords.  This article presents improvements to login timeout ergonomics that increase overall system security. Continue reading →