Comment on blog about - Multi-Step Authentication Processes: Lockout Policies

I saw this blog and thought it was a good idea. I'm always on the lookout for new ideas for web application security. What I like about the concept in this one is using session to track failed authentication. It's a good way to stop the not so smart bad guys from trying to play and play with username/pwd's combinations. You can view the blog here. Enjoy!