We are using Jira 6.4.5 with Crowd 2.8.3.

1) When Crowd is offline any users who try to log in, their "Maximum Authentication Attempts Allowed" count increases since Jira isn't able to authenticate the users. This shouldn't be the case. Users will keep trying to log in and eventually max out their attempts. When Crowd is back online, we have their "Reset Failed Login Count" for them to be able to log in again.

2) https://confluence.atlassian.com/jira/configuring-jira-options-185729544.html
"The maximum authentication attempts that are allowed before CAPTCHA is shown to a user. If you leave it blank then CAPTCHA will never be shown and users will have unlimited authentication attempts."

When we try to leave it blank, it defaults back to 3.