Ask HN: Best approach for managing failed login attempts?

Y	Hacker News new \| ask \| show \| jobs

	Ask HN: Best approach for managing failed login attempts?
	2 points by niblettc 1977 days ago
	Should I lock a user account based on X amount of failed login attempts over Y amount of time? Should X be 3 attempts and Y be 24 hours? Or should it be a higher number over all time? Once locked should the user have to request an unlock email with a link? What's the best approach?