Better Brute-Force protection: Add captcha solving requirement after little amount of failed attempts

Hi!

I think it would be a good idea to add another brute-force protection by forcing users to solve a captcha after 3-5 failed login attempts.

A little amount of 3 to 5 failed login attempts will make brute-forcing much harder and will probably also make brute-forcing with many proxies a lot harder.