Have you ever tried to login to your favorite website and mistakenly typed the wrong user name and password once, or even twice? I bet you have. And what about submitting a third consecutive false attempt? In most cases, at that point a secure website will start questioning the integrity of your actions.
From a defense point of view, websites should suspend and limit false login attempts to confirm authenticity once abnormal usage is detected.