Append an option to require captcha in login form only if first attempt fails
Summary
Currently, we can enable or disable captcha in forms. A security audit organization told us that asking for captcha at the first attempt is useless. To improve user experience, captcha could be required at the second or third attempt.
Design proposition
Append an option to set how many login attempts are allowed before asking for a captcha.