Description
It would be nice if the default security realms supported locking an account after a certain number of consecutive failed logins. Lacking that, it would be nice if they supported a configurable delay on a failed login attempt. Both methods help defend against brute force login attacks.
This is a pretty low priority, but IMHO it still goes on the "nice to have" list.