Just yesterday, we had a long discussion in Enjin Telegram, because a user called the password authentication of Enjin Wallet insecure.
They said, the wallet should lock itself after X attempts.
I like the suggestion that the user can enable a number of maximum attempts, but I also wanted to clarify it would take forever to bruteforce a strong password hashed by bcrypt or something like that.
I think, it would help users if you added some imaginable information to the security features of Enjin Wallet, e.g.
"If you choose a password with 8 random characters, it would take around 5 Years to log in to your account, when your phone is stolen", and probably more detailed information on how the password login is handled.
I think it would help users really understand and appreciate why security features are the way they are.