I've always thought brute-force attacks on servers could be easily prevented by enforcing a 30-second delay between accesses. For instance, instead of:
Code:
Start of Loop
    Wait for Request
    Process Request
End of Loop
You have:
Code:
 
Start of Loop
    Wait for Request
    Process Request
    Sleep for 30 Seconds
End of Loop
I'd like to see you get through a dictionary at 2 words per second! I realise this could lead to people launching DoS attacks (DoS = Denial of Service), so as soon as someone tries to use a dodgy password, block the IP address for 30 minutes (or infinity, whichever you like).