Currently, it is possible to enter password indefinitely without inactivating the account. It appears to me that this is a safety ‘gap’, as someone with false intentions has lots of opportunities to try and hack an account.
Automatically inactivating an account after a number of wrongly entered passwords in a period of time (number and time-span should be configurable) would be a nice solution. This should be accompanied by a safe manner for the account owner to de-activate his account. For Zeeman employees this could be realised by sending an email with password reset code to the mailadress that is linked to the inactivated account.
In the meantime, you could think of some of the alternatives we offer already:
Thx for the reply. I assume both options are for every login, of in case a wrong password is entered multiple times?
These options are mainly used for security. The captcha checks whether it is a user who is logging in and not a machine trying to guess a users password. Two-factor authentication is used after login to be sure it is the user itself logging in.
Both options require the user to know its own password. If not, you could think of our password reset options.
I hope this gives you an idea about the current available options.
I think the idea you posted is a great extension to these options!