security: stop timing attacks #57
Description
while we're using bcrypt to do the hashing, I want to add extra layer of security,
whenever a user enters wrong password, I want to delay the response by LoginAttempts seconds before responding with a login failed.
This also solves bruteforcing issue. (Lockout already solved it, but this will be extra layer of security)