Preventing Brute Force Logins on Websites

Question

As a response to the recent Twitter hijackings and Jeff\'s post on Dictionary Attacks, what is the best way to secure your website against brute force login attacks?

Answer 1

Do like most banks do, lockout the username/account after X login failures. But I wouldn't be as strict as a bank in that you must call in to unlock your account. I would just make a temporary lock out of 1-5 minutes. Unless of course, the web application is as data sensitive as a bank. :)