At the moment if a user tries and fails 3 times to log in, they are logged out. Is there any way of increasing the amount of attempts, i.e. put this up to 10?
I your application web.config find the key something like this SqlServerMembershipProvider or WindowsMembershipProvider and change the setting for password attempt.
you will probably find this under membership tag.
The key to look for in web.config is "maxInvalidPasswordAttempts"