Access to most computer systems and applications require a user to establish a user account and to enter access information such as a username and password. A user's password is maintained in secret to prevent unauthorized access using the password. To gain unauthorized entry to a computer system, attackers may attempt to “guess” a user's password. Attackers attempt access by entering a username and trying different passwords in order to gain entry.
To prevent this attack, a user is allowed a limited number of attempts at accessing the user's account. When notified that the password entered was incorrect, a authentic user will often enter the same password in a second or more times. The user, for example, may be recalling a different password from a different account. However, when the user repeatedly, but mistakenly, enters the incorrect password, the entry of the incorrect password consumes the limited number of attempts. As a result, the user's account may be unnecessarily invalidated. The invalidation is probably unnecessary because an attacker would not repeatedly use the same incorrect password on the same account. Typically, only an authentic user would attempt the same password multiple times.