Don't allow retries
A password can often be cracked quickly, because the systems allow dozens of attempts per second. Simply don't allow more than one password attempt per 5 seconds, and an 8 character password would take more than a million years to crack.