- Type: Suggestion
- Resolution: Obsolete
- None
- Component/s: Authentication / Security
It would be very helpful to have an option to configure the maximum number of failed login attempts and a mechanism to lock/disable the user account after the maximum number of failed attempts is reached.
Decide upon the number of login attempts to be allowed (configurable), and make sure that the account will be locked once the permitted number of attempts is exceeded. To avoid unnecessary support calls from genuine users who were locked out of their account and require enabling, it is possible to suspend account activity only temporarily, and enable it after a specific period of time. Locking the account for a period of ten minutes or so is usually sufficient to block brute force attacks.
This would be a huge benefit for Crowd to have as an implementation.
- is related to
  - CWD-2936 Provide option to lock user accounts for Delegated Directories after Maximum Invalid Password Attempts reached (Closed)
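The temporary lockout requested above, sketched as an added example; this is not Crowd code and not from the ticket. The class name `LockoutPolicy`, its method names and the default of five attempts are assumptions made for illustration; the ten-minute lock follows the suggestion's text.

```python
import time
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    """Hypothetical temporary-lockout tracker; illustrative only, not a Crowd API."""
    max_attempts: int = 5            # assumed default; the ticket asks for it to be configurable
    lock_seconds: float = 600.0      # ten-minute lock, as the suggestion proposes
    clock: callable = time.monotonic  # injectable so the expiry logic can be tested
    _failures: dict = field(default_factory=dict, init=False, repr=False)
    _locked_until: dict = field(default_factory=dict, init=False, repr=False)

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock expired: the account re-enables itself, no support call needed.
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def record_failure(self, user):
        """Count one failed login; return True if the account is locked afterwards."""
        if self.is_locked(user):
            return True  # attempts made during a lock neither count nor extend it
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_attempts:
            # Limit reached: suspend the account for lock_seconds.
            self._locked_until[user] = self.clock() + self.lock_seconds
            return True
        return False

    def login(self, user, password_ok):
        """Return 'locked', 'ok' or 'denied'; the lock is checked before the password."""
        if self.is_locked(user):
            return "locked"  # refused even if the password is correct
        if password_ok:
            self._failures.pop(user, None)  # success clears the failure count
            return "ok"
        self.record_failure(user)
        return "denied"
```

Checking the lock before the password result means a correct guess made during the lock window is still refused, which is what makes the delay effective against brute force.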