Set the delay applied to subsequent authentication attempts after the
is exceeded. The delay should be a high enough value to make brute force password guessing impractical
while not inconveniencing legitimate users.
Please be aware that a web server thread will be kept waiting during the delay in the current implementation, so imposing a long delay risks exhausting all web server threads.
Apply no delay to authentication attempts if many login failures are detected.