I would like to suggest an optional switch that prevents brute force attacks:
* Tar pits - After each successive failure to log in the time for the next attempt increases.
* Account lock - After a number of failed attempts the account is locked for a period of time
* Access failure alert - An email is generated when a number of failed attempts take place.
Thank you for suggesting it, from my side I can promise you to bring up those suggestions on our next Dev meeting and maybe they will get onto the development roadmap.