Limit incorrect password attempts before block should be time-dependent, not total #574

Closed

Description

Steps to reproduce

  1. Set password attempts limit to N
  2. Try to log in with incorrect credentials throughout an indefinite timeframe (week, month)
  3. Reach N attempts

Expected behaviour

App should block the user after several consecutive incorrect attempts within a short time interval (like a brute-force attack):

  • 3 attempts in a row;
  • 10 attempts within one hour;
  • other options, considering the number of attempts and the time interval between the first and last attempt

Actual behaviour

Regardless of when the user reaches the limit (month, year), the account will be blocked.

Nextcloud version: 27.1.7
App version: 1.17.0
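
The difference between the reported behaviour (a lifetime failure counter) and the requested one (failures counted inside a time window, or in a row) is shown below as an added example; it is not part of the issue or the app's code. The class name, the defaults and the sample timelines are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta


class WindowedLockout:
    """Blocks on failures inside a sliding window or on a streak of failures."""

    def __init__(self, max_in_window=10, window=timedelta(hours=1), max_consecutive=None):
        self.max_in_window = max_in_window
        self.window = window
        self.max_consecutive = max_consecutive
        self.failures = deque()  # timestamps of failures still inside the window
        self.streak = 0          # failures since the last successful login
        self.total = 0           # lifetime count, kept only for comparison

    def record(self, when, success):
        """Record one attempt; return True if the account should now be blocked."""
        if success:
            self.streak = 0      # a good login ends the streak, not the window
            return False
        self.total += 1
        self.streak += 1
        self.failures.append(when)
        # Forget failures that have aged out of the window.
        while self.failures and when - self.failures[0] > self.window:
            self.failures.popleft()
        if self.max_consecutive is not None and self.streak >= self.max_consecutive:
            return True
        return len(self.failures) >= self.max_in_window


def replay(events, **policy):
    """Return (index of first blocking attempt or None, lifetime failure count)."""
    lock = WindowedLockout(**policy)
    blocked_at = None
    for i, (when, success) in enumerate(events):
        if lock.record(when, success) and blocked_at is None:
            blocked_at = i
    return blocked_at, lock.total


# Constructed sample timelines (not real logs).
START = datetime(2024, 1, 1, 9, 0)
SLOW = [(START + timedelta(weeks=i), False) for i in range(10)]        # one typo a week
BURST = [(START + timedelta(seconds=30 * i), False) for i in range(10)]  # 10 in 5 minutes
MIXED = [(START + timedelta(minutes=i), ok)
         for i, ok in enumerate([False, False, True, False, False])]
```

With N = 10, `SLOW` reaches a lifetime total of 10 and would be blocked by a total counter, while the windowed policy blocks only `BURST`.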
