BruteForce module: increase delay between each login attempt
Nowadays, most authentication systems use to add more and more delay between each authentication attempt.
Design proposition
As LL::NG is able to define the time to wait atfer X login attempts, would it be possible to increase the delay time between each authentication attempt? For example
- after 1 try : 30 sec
- after 2 tries: 1 min
- after 3 tries : 2m
- after 4 tries : 5min
- after 5 tries (beyond the bruteForceProtectionMaxFailed value) : account locked for 15min
It might be useful at least to double the time between each attempt, or allow people to do so (with additional parameters), if the feature is not enabled by default. And also add in your documentation the fact tat people must increase default failedLoginNumber (default 5) value if they intend to use something like bruteForceProtectionMaxFailed=5