I had an interesting idea. The authentication logic could require one or more failed log-ins using a specific chain of, possibly simpler, passwords. For instance, entering the password “abc123” would appear to fail, but would be required by the authentication logic. A subsequent correct password, such as “xyz321”, would then allow entry to the secured area. What makes this idea interesting is that to the bot or hacker the log-in attempt would appear to be a failure. What do you think? Would this improve security?