Number of failed authentication attempts detected.
Each time a new attempt is detected, this counter gets incremented.
When attempt has been detected.
Device from where authentication has been made.
Ip from where authentication has been made.
Location from where authentication has been made.
Session which stores failed authentication attempts for the whole account, no matter from which device failed authentication has been made.
On the successful authentication, this session needs to be deleted.
This session is mainly used to detect brute force attack and employ some form of protection (recaptcha & account disabling for some amount of time).