In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks.
The immediate reaction of other coworkers was a request to remov
Captcha isn't a very traditional choice in login forms. The traditional protection against brute force attacks seems to be account locking. As you said, it has its drawbacks, for example, if your application is vulnerable to account enumeration, then an attacker could easily perform a denial of service attack.
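The lockout drawback described above, next to a captcha step-up on the same login form, as an added example that is not part of the original posts. The class name, the threshold of 5 failures, the 15-minute lock and the account name are assumptions chosen for illustration.

```python
import time
from collections import defaultdict

MAX_FAILURES = 5      # assumed threshold before the policy reacts
LOCK_SECONDS = 900    # assumed lock duration for the "lock" policy

class LoginGuard:
    """Counts failed logins per account and applies one of two policies:
    'lock'    -> refuse every attempt while the account is locked
    'captcha' -> keep accepting attempts, but only with a solved captcha
    """
    def __init__(self, policy, clock=time.monotonic):
        if policy not in ("lock", "captcha"):
            raise ValueError(policy)
        self.policy, self.clock = policy, clock
        self.failures = defaultdict(int)
        self.locked_until = {}

    def attempt(self, user, password_ok, captcha_ok=False):
        now = self.clock()
        if self.policy == "lock" and self.locked_until.get(user, 0) > now:
            return "locked"  # the correct password is refused as well
        over = self.failures[user] >= MAX_FAILURES
        if self.policy == "captcha" and over and not captcha_ok:
            return "captcha_required"  # password is not even evaluated
        if password_ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.policy == "lock" and self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCK_SECONDS
            self.failures[user] = 0
        return "denied"

def owner_outcome(policy):
    """Constructed scenario: a third party fails MAX_FAILURES times against
    'alice', then the real owner logs in with the correct password."""
    t = [0.0]  # fake clock so the run is deterministic
    guard = LoginGuard(policy, clock=lambda: t[0])
    for _ in range(MAX_FAILURES):
        guard.attempt("alice", password_ok=False)
    t[0] += 60
    first = guard.attempt("alice", password_ok=True)
    with_captcha = guard.attempt("alice", password_ok=True, captcha_ok=True)
    t[0] += LOCK_SECONDS
    after_expiry = guard.attempt("alice", password_ok=True, captcha_ok=True)
    return first, with_captcha, after_expiry

if __name__ == "__main__":
    for policy in ("lock", "captcha"):
        print(policy, owner_outcome(policy))
```

Under the lock policy the owner is shut out until the lock expires, while under the captcha policy the owner gets in as soon as the captcha is solved.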