Re: It only makes it easier to crack...
I don't think it necessarily implies the storing of failed logins.
One possible compromise would be that if the login is not successful, just delay the rejection response for a period of time, for example, 10 seconds.
So now you are open to DoS via resource depletion. What's your next plan?