judgement: Implement a fail safe system that allows your to try a password X number of times. If you max out the number of attempts the account gets locked out and a message is sent via email to notify this has happened to the owners email. In the email would be the requirements to unlock the account. Or change the pAssword. Just my suggestion

demon_king_1st: i agree