#6 increasing delay when login fails

[Frederic Minne]

To avoid dictionary attacks on login, when login fails the delay before the user can make another attempt should increase :

1st failed login no delay
2nd failed login 2 sec delay
3rd failed login 4 sec delay
4th failed login 8 sec delay
5th failed login 16 sec delay
...

Source : http://www.codinghorror.com/blog/archives/001206.html