It does require the site to store failed login attempts though or at least flag accounts. Could not that be used in a site attack?
Not a member of The Register?
Create a new account
Remember me on this computer?
The Register - Independent news and views for the tech community. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
Biting the hand that feeds IT © 1998–2019