This causes the business layer to be suspended for the required number of seconds if an attempt is made to login to the Database using invalid credentials. This slows down malicious code attempting to login via the business layer by trying different Password combinations. Even a small setting like the default of 0.1 means that a malicious program can only try 600 attempts a minute.