Failed authentication time limit?


According to the docs for Lockout and Fraud “you can adjust the number of consecutive failed authentication attempts allowed before the user’s account is locked out to prevent brute force attacks”. I have a couple of questions…

  1. Is there a way to specify a time limit? E.g. 5 failed attempts in 15 minutes?
  2. Does the failed count reset after a time? E.g. If I fail twice now and again in an hour without any successes in between does that count as a third consecutive fail?

Thanks for any help.