Problem
Currently, anyone can attempt to brute-force user passwords almost effortlessly, even without advanced technical knowledge.
Proposed Feature
Introduce a setting that activates after a configurable number of failed login attempts. Users could choose to:
- Block all further login attempts and automatically send a password reset email
- Temporarily block login for a set duration (for example, 10 minutes)
Implementation
Once the failed-attempt threshold is reached, the system applies the user’s chosen block option. The counter resets upon successful login or after completing a password reset.
Benefits
This approach makes large-scale brute-force attacks impractical and takes a proactive step toward stronger account security.
~Rewritten with the help of AI for better formatting and clarity.~
2FA cannot be applied en masse, while what I am talking about can.
Overall, this is, as I said, a proactive step to ensure the whole Lemmyverse stays secure.
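The threshold-and-block logic described under Implementation, as an added example in Rust (Lemmy is a Rust project); this is not code from the proposal or from Lemmy, and the LoginGuard, LockPolicy and Outcome names, the per-username counter and the injected `now` clock are my own assumptions:

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};
// Action once the failed-attempt threshold is reached: the two options from the proposal.
#[derive(Clone, Copy)]
pub enum LockPolicy {
    ForceReset,          // block all further logins until a password reset completes
    Temporary(Duration), // block logins for this duration (e.g. 10 minutes)
}
#[derive(Debug, PartialEq)]
pub enum Outcome {
    Success,
    Failed { remaining: u32 },
    Blocked,
    ResetEmailRequired, // threshold hit under ForceReset: caller sends the reset email
}
#[derive(Default)]
struct Account { failures: u32, blocked_until: Option<Instant>, reset_pending: bool }
pub struct LoginGuard { threshold: u32, policy: LockPolicy, accounts: HashMap<String, Account> }
impl LoginGuard {
    pub fn new(threshold: u32, policy: LockPolicy) -> Self {
        LoginGuard { threshold, policy, accounts: HashMap::new() }
    }
    // `password_ok` comes from the password verifier; `now` is injected so tests can advance time.
    pub fn attempt(&mut self, user: &str, password_ok: bool, now: Instant) -> Outcome {
        let acct = self.accounts.entry(user.to_string()).or_default();
        // A blocked account rejects even a correct password, so the response leaks nothing
        // about the guess while the block is active.
        if acct.reset_pending || acct.blocked_until.map_or(false, |t| now < t) {
            return Outcome::Blocked;
        }
        if password_ok {
            acct.failures = 0; // counter resets on successful login
            return Outcome::Success;
        }
        acct.failures += 1;
        if acct.failures < self.threshold {
            return Outcome::Failed { remaining: self.threshold - acct.failures };
        }
        // Threshold reached. The counter is not cleared here: the proposal resets it only on
        // success or password reset, so once a temporary block expires one more failure re-blocks.
        match self.policy {
            LockPolicy::ForceReset => { acct.reset_pending = true; Outcome::ResetEmailRequired }
            LockPolicy::Temporary(d) => { acct.blocked_until = Some(now + d); Outcome::Blocked }
        }
    }
    // Completing a password reset clears both the block and the counter.
    pub fn complete_password_reset(&mut self, user: &str) {
        self.accounts.remove(user);
    }
}
```

Because the counter is keyed by username, anyone who knows a username can trigger the block for that account, so the temporary option with a short window is the safer default and the forced-reset option deserves a separate rate limit on reset emails.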