add rate limit on the authentication layer for wrong credentials

[StephanWald]

demonstrate in the genuine authenticate how repeated wrong login attempts would be blocked after a certain count of failures