Which measure can help mitigate brute force attacks on passwords?

Limiting login attempts is an effective measure to mitigate brute force attacks on passwords. By restricting the number of unsuccessful login attempts allowed within a specific timeframe, you can significantly reduce the possibility of an attacker successfully guessing a password through trial and error. This approach forces attackers to take more time to execute their attacks, thereby increasing the chances of detection before they can succeed. Moreover, after reaching the limit, further login attempts can be blocked or require additional verification, such as captcha challenges or temporary account locks, adding an extra layer of protection against unauthorized access.

In contrast, allowing sequential password entries could facilitate an attacker's efforts by not challenging their repeated attempts to guess a password, while using smaller password lengths diminishes security, making passwords easier to crack. Disabling account notifications would reduce awareness of unauthorized attempts to access an account, leaving users uninformed about potential security threats. Thus, limiting login attempts stands out as a proactive security measure specifically targeting the vulnerability exploited in brute force attacks.