This opens up the possibility of a malicious user intentionally locking out a named account, though, so forcing the user to pass a CAPTCHA test may be better.
