Consider the following simple method to handle attacks on the password based authentication: If a user fails to login in three successive attempts, the system locks his account suspecting an attack/intrusion. What major problem do you see with this method?