Password guessing

SB2: Servers or applications must implement a mechanism that inhibits password guessing attacks on user accounts if the server or application does its own authentication.

How to Comply

Block excessive logins

 Block user from logging in for a period of time after no more than 10 successive invalid login attempts.