Detect Guessing and Act (Score 1)

Are ever-more-complex passcodes really the future of security? Guessing programs will keep getting faster and faster, after all. The real problem is login programs that don't notice guessing. A good login program should get cranky after a few dozen failed attempts, and log them all. Then 8-character passwords should be plenty. (eg, "get cranky" might mean "ignore the guessing IP or workstation for n++ minutes")